ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <dona...@apache.org>
Subject Re: signjar which does more than one file and dependency checking
Date Thu, 14 Jun 2001 13:08:05 GMT
At 01:50 PM 6/14/01 +0100, Nick Fortescue wrote:
>There are two things we'd really like in the signjar task here
>
>1) Being able to specify jars to sign in a fileset.
>2) Checking the jars (maybe using jarsigner -verify) to see if the need
>signing before signing them.
>
>The reason for signing a bunch of jars at once is for a release script under
>JavaWebStart. The reason for the verify is signing can be very slow, and
>we'd rather not have it done if not necessary. If no-one else has done this
>I'll write it myself, but if it's been done already I'd rather not duplicate
>the the work.

I don't have the source with me at the moment but there are two file
attributes to task. One is "source" jar and one is "destination" jar (ie
post signing). If you do not specify destination then it is assumed
destination == source. However if you do specify destination then the task
will check if destination exists and if it is newer than source destination
and key. If it is newer then the task doesn't run else it does run.

If you can think of a better way of verifying it has been signed that is
low cost - feel free to implement it. If you were to implement fileset
signing you would also have to integrate this dependency testing aswell.

>While I'm at it, various messages in the archive mention an scp task. Is
>there one available. exec doesn't work because of the lack of a controlling
>shell. Or am I missing something?

Do you mean that scp does not work because you can't specify password? If
so then it may be useful to use the public keypairs facility and start
agent before running task. Thats about only safe solution I can think of.


>
>Nick Fortescue
>
>
Cheers,

Pete

*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof."                   |
|              - John Kenneth Galbraith               |
*-----------------------------------------------------*


Mime
View raw message