ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject complex signing logic in signjar
Date Tue, 22 Mar 2005 14:18:40 GMT
I am reworking signjar to do filesets with dest dirs, and the dependency 
logic is causing trouble:

     protected boolean isUpToDate(File jarFile, File signedjarFile) {
         if (null == jarFile) {
             return false;
         }

         if (null != signedjarFile) {

             if (!jarFile.exists()) {
               return false;
             }
             if (!signedjarFile.exists()) {
               return false;
             }
             if (jarFile.equals(signedjarFile)) {
               return false;
             }
             if (FILE_UTILS.isUpToDate(jarFile, signedjarFile)) {
                 return true;
             }
         } else {
             if (lazy) {
                 return isSigned(jarFile);
             }
         }

         return false;
     }


1. the lazy flag is only used if the signedJarfile is empty; that is, we 
only compare ourself.
     if you had  <signjar jar="foo.jar" signedjar="foo.jar" /> the check 
would not take place.

2. but it would engage when checking filesets, because they always run 
with signedJarFile==null

3. and there is no check that the jar is signed by who is actually 
signing the JAR now.

Why dont we do an isSigned check whenever the dest jar exists?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message