ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 33497] - Add "toDir" to SignJar task for use with nested filesets, to avoid resigning.
Date Thu, 10 Feb 2005 19:57:36 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33497>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33497





------- Additional Comments From drollo@ets.org  2005-02-10 20:57 -------
Matt,

Apologies if I'm totally missing the point of your question. What I'm asking for
is indeed the exact same behavior that occurs with SignJar now when a single
file is used:

    <signjar keystore="${security.keystore}"
        storepass="${security.storepass}"
        keypass="${security.keypass}"
        alias="${security.alias}"
        jar="dist/signed/one.jar"
        signedjar="dist/signed/one.jar"
        />

The very fist time the above example is called, a new output jar will be created
and signed (dist/signed/one.jar).
If you call the same example 5 minutes later, the above example will NOT resign
the output jar (dist/signed/one.jar) if the input jar (dist/unsigned/one.jar)
has not changed.

I'd like the example I provided in Additional Comment #2 (above) to behave in
exactly the same way. Calling signjar many minutes later should avoid resigning
any output jar who's input jar is unchanged.

In answer to you general "jar-signing" question: Resigning a jar with the same
credentials is not dangerous, except for the huge waste of time it incurs. The
important point for this request is: When I talk about "resign", I am not
refering to a single invokation of ant signing jars multiple times. I am
refering to totally separate invocations of ant being smart enough to avoid
doing the work of signing a jar that is already signed when there is no reason
to sign the jar again (as in exactly how the signjar task works today when the
"jar" and "signedjar" attributes are used instead of a fileset). 

This is a request for enhancement, and is NOT reporting a bug involving jars
being signed multiple times during a single invocation.

Clear as mud?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message