ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anto...@apache.org
Subject svn commit: r1476700 - in /ant/core/trunk: WHATSNEW manual/Tasks/signjar.html manual/Tasks/verifyjar.html manual/tasklist.html src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java
Date Sun, 28 Apr 2013 00:53:08 GMT
Author: antoine
Date: Sun Apr 28 00:53:08 2013
New Revision: 1476700

URL: http://svn.apache.org/r1476700
Log:
adding strict attribute to signjar task, PR 54889

Added:
    ant/core/trunk/manual/Tasks/verifyjar.html
      - copied, changed from r1476697, ant/core/trunk/manual/Tasks/signjar.html
Modified:
    ant/core/trunk/WHATSNEW
    ant/core/trunk/manual/Tasks/signjar.html
    ant/core/trunk/manual/tasklist.html
    ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java

Modified: ant/core/trunk/WHATSNEW
URL: http://svn.apache.org/viewvc/ant/core/trunk/WHATSNEW?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/WHATSNEW (original)
+++ ant/core/trunk/WHATSNEW Sun Apr 28 00:53:08 2013
@@ -24,6 +24,9 @@ Fixed bugs:
 Other changes:
 --------------
 
+ * strict attribute added to <signjar>.
+   Bugzilla Report 54889.
+
 Changes from Ant 1.8.4 TO Ant 1.9.0
 ===================================
 
@@ -127,7 +130,8 @@ Other changes:
    archives using Zip64 extensions (files and archives bigger that 4GB
    and with more that 64k entries).
 
- * a new task <commandlaucher> can be used to configure the
+ * a new task <commandlaun
+ cher> can be used to configure the
    CommandLauncher used by Ant when forking external programs or new
    Java VMs.
    Bugzilla Report 52706.

Modified: ant/core/trunk/manual/Tasks/signjar.html
URL: http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/signjar.html?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/manual/Tasks/signjar.html (original)
+++ ant/core/trunk/manual/Tasks/signjar.html Sun Apr 28 00:53:08 2013
@@ -100,6 +100,11 @@ and <tt>lazy</tt> is false, the JAR is s
     <td valign="top" align="center">No; default false</td>
   </tr>
   <tr>
+    <td valign="top">strict</td>
+    <td valign="top">(true | false) strict checking when signing.<br/><em>since
Ant 1.9.1</em>.</td>
+    <td valign="top" align="center">No; default false</td>
+  </tr>
+  <tr>
     <td valign="top">internalsf</td>
     <td valign="top">(true | false) include the .SF file inside the signature
 block</td>

Copied: ant/core/trunk/manual/Tasks/verifyjar.html (from r1476697, ant/core/trunk/manual/Tasks/signjar.html)
URL: http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/verifyjar.html?p2=ant/core/trunk/manual/Tasks/verifyjar.html&p1=ant/core/trunk/manual/Tasks/signjar.html&r1=1476697&r2=1476700&rev=1476700&view=diff
==============================================================================
--- ant/core/trunk/manual/Tasks/signjar.html (original)
+++ ant/core/trunk/manual/Tasks/verifyjar.html Sun Apr 28 00:53:08 2013
@@ -19,31 +19,18 @@
 <head>
 <meta http-equiv="Content-Language" content="en-us">
 <link rel="stylesheet" type="text/css" href="../stylesheets/style.css">
-<title>SignJar Task</title>
+<title>VerifyJar Task</title>
 </head>
 
 <body>
 
-<h2><a name="signjar">SignJar</a></h2>
+<h2><a name="verifyjar">VerifyJar</a></h2>
 <h3>Description</h3>
-<p>Signs JAR files with the <tt>jarsigner</tt> command line tool. 
-It will take a named file in the <tt>jar</tt> attribute, and an optional
-<tt>destDir</tt> or <tt>signedJar</tt> attribute. Nested paths are
also
-supported; here only an (optional) <tt>destDir</tt> is allowed. If a destination
-directory or explicit JAR file name is not provided, JARs are signed in place.
+<p>Verifies JAR files with the <tt>jarsigner</tt> command line tool.
+It will take a named file in the <tt>jar</tt> attribute. Nested paths are also
+supported
 </p>
-<p>
-Dependency rules
-</p>
-<ul>
-<li>Nonexistent destination JARs are created/signed</li>
-<li>Out of date destination JARs are created/signed</li>
-<li>If a destination file and a source file are the same,
-and <tt>lazy</tt> is true, the JAR is only signed if it does not 
-contain a signature by this alias.</li>
-<li>If a destination file and a source file are the same,
-and <tt>lazy</tt> is false, the JAR is signed.</li> 
-</ul>
+
 
 <h3>Parameters</h3>
 <table border="1" cellpadding="2" cellspacing="0">
@@ -54,13 +41,13 @@ and <tt>lazy</tt> is false, the JAR is s
   </tr>
   <tr>
     <td valign="top">jar</td>
-    <td valign="top">the jar file to sign</td>
+    <td valign="top">the jar file to verify</td>
     <td valign="top" align="center">Yes, unless nested paths have
       been used.</td>
   </tr>
   <tr>
     <td valign="top">alias</td>
-    <td valign="top">the alias to sign under</td>
+    <td valign="top">the alias to verify under</td>
     <td valign="top" align="center">Yes.</td>
   </tr>
   <tr>
@@ -84,37 +71,18 @@ and <tt>lazy</tt> is false, the JAR is s
     <td valign="top" align="center">No</td>
   </tr>
   <tr>
-    <td valign="top">sigfile</td>
-    <td valign="top">name of .SF/.DSA file</td>
-    <td valign="top" align="center">No</td>
-  </tr>
-  <tr>
-    <td valign="top">signedjar</td>
-    <td valign="top">name of signed JAR file. This can only be set when 
-    the <tt>jar</tt> attribute is set.</td>
-    <td valign="top" align="center">No.</td>
-  </tr>
-  <tr>
-    <td valign="top">verbose</td>
-    <td valign="top">(true | false) verbose output when signing</td>
-    <td valign="top" align="center">No; default false</td>
-  </tr>
-  <tr>
-    <td valign="top">internalsf</td>
-    <td valign="top">(true | false) include the .SF file inside the signature
-block</td>
+    <td valign="top">certificates</td>
+    <td valign="top">(true | false) display information about certificates</td>
     <td valign="top" align="center">No; default false</td>
   </tr>
   <tr>
-    <td valign="top">sectionsonly</td>
-    <td valign="top">(true | false) don't compute hash of entire manifest</td>
+    <td valign="top">verbose</td>
+    <td valign="top">(true | false) verbose output when verifying</td>
     <td valign="top" align="center">No; default false</td>
   </tr>
   <tr>
-    <td valign="top">lazy</td>
-    <td valign="top">flag to control whether the presence of a signature
-  file means a JAR is signed. This is only used when the target JAR matches
-  the source JAR</td>
+    <td valign="top">strict</td>
+    <td valign="top">(true | false) strict checking when verifying.<br/><em>since
Ant 1.9.1</em>.</td>
     <td valign="top" align="center">No; default false</td>
   </tr>
   <tr>
@@ -124,24 +92,6 @@ block</td>
     <td valign="top" align="center">No</td>
   </tr>
   <tr>
-    <td valign="top">preservelastmodified</td>
-    <td valign="top">Give the signed files the same last modified
-      time as the original jar files.</td>
-    <td valign="top" align="center">No; default false.</td>
-  </tr>
-  <tr>
-    <td valign="top">tsaurl</td>
-    <td valign="top">URL for a timestamp authority for timestamped
-    JAR files in Java1.5+</td>
-    <td valign="top" align="center">No</td>
-  </tr>
-  <tr>
-    <td valign="top">tsacert</td>
-    <td valign="top">alias in the keystore for a timestamp authority for 
-    timestamped JAR files in Java1.5+</td>
-    <td valign="top" align="center">No</td>
-  </tr>
-  <tr>
     <td valign="top">executable</td>
     <td valign="top">Specify a particular <code>jarsigner</code> executable
       to use in place of the default binary (found in the same JDK as
@@ -151,23 +101,6 @@ block</td>
       <em>since Ant 1.8.0</em>.</td>
     <td align="center" valign="top">No</td>
   </tr>  
-  <tr>
-    <td valign="top">force</td>
-    <td valign="top">Whether to force signing of the jar file even if
-      it doesn't seem to be out of date or already signed.
-      <em>since Ant 1.8.0</em>.</td>
-    <td align="center" valign="top">No; default false</td>
-  </tr>  
-  <tr>
-    <td valign="top">sigalg</td>
-    <td valign="top">name of signature algorithm</td>
-    <td valign="top" align="center">No</td>
-  </tr>
-  <tr>
-    <td valign="top">digestalg</td>
-    <td valign="top">name of digest algorithm</td>
-    <td valign="top" align="center">No</td>
-  </tr>
 </table>
 <h3>Parameters as nested elements</h3>
 <table border="1" cellpadding="2" cellspacing="0">
@@ -178,20 +111,15 @@ block</td>
   </tr>
   <tr>
     <td valign="top">path</td>
-    <td valign="top">path of JAR files to sign. <em>since Ant 1.7</em></td>
+    <td valign="top">path of JAR files to verify. <em>since Ant 1.7</em></td>
     <td valign="top" align="center">No</td>
   </tr>
   <tr>
     <td valign="top">fileset</td>
-    <td valign="top">fileset of JAR files to sign. </td>
+    <td valign="top">fileset of JAR files to verify. </td>
     <td valign="top" align="center">No</td>
   </tr>
   <tr>
-    <td valign="top">mapper</td>
-    <td valign="top">A mapper to rename jar files during signing</td>
-    <td valign="top" align="center">No, and only one can be supplied</td>
-  </tr>
-  <tr>
     <td valign="top">sysproperty</td>
     <td valign="top">JVM system properties, with the syntax of Ant
     <a href="exec.html#env">environment variables</a> </td>
@@ -202,69 +130,13 @@ block</td>
 
 <h3>Examples</h3>
   <blockquote><pre>
-&lt;signjar jar=&quot;${dist}/lib/ant.jar&quot;
+&lt;verifyjar jar=&quot;${dist}/lib/ant.jar&quot;
 alias=&quot;apache-group&quot; storepass=&quot;secret&quot;/&gt;
 </pre></blockquote>
 <p>
-  signs the ant.jar with alias &quot;apache-group&quot; accessing the
+  verifies the ant.jar with alias &quot;apache-group&quot; accessing the
   keystore and private key via &quot;secret&quot; password.
 </p>
-  <blockquote><pre>
-&lt;signjar destDir="signed"
-    alias="testonly" keystore="testkeystore"
-    storepass="apacheant"
-    preservelastmodified="true"&gt;
-  &lt;path&gt;
-    &lt;fileset dir="dist" includes="**/*.jar" /&gt;
-  &lt;/path&gt;
-  &lt;flattenmapper /&gt;
-&lt;/signjar&gt;
-</pre></blockquote>
-<p>
-Sign all JAR files matching the dist/**/*.jar pattern, copying them to the
-directory "signed" afterwards. The flatten mapper means that they will
-all be copied to this directory, not to subdirectories.
-
-</p>
-  <blockquote><pre>
-&lt;signjar
-    alias="testonly" keystore="testkeystore"
-    storepass="apacheant"
-    lazy="true"
-    &gt;
-  &lt;path&gt;
-    &lt;fileset dir="dist" includes="**/*.jar" /&gt;
-  &lt;/path&gt;
-&lt;/signjar&gt;
-</pre></blockquote>
-<p>
-Sign all the JAR files in dist/**/*.jar <i>in-situ</i>. Lazy signing is used,
-so the files will only be signed if they are not already signed.
-</p>
-  <blockquote><pre>
-&lt;signjar
-    alias="testonly" keystore="testkeystore"
-    storepass="apacheant"
-    sigalg="MD5withRSA"
-    digestalg="SHA1"&gt;
-  &lt;path&gt;
-    &lt;fileset dir="dist" includes="**/*.jar" /&gt;
-  &lt;/path&gt;
-&lt;/signjar&gt;
-</pre></blockquote>
-<p>
-Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the
-signature algorithm MD5withRSA. This is especially useful when you want to use
-the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create
-signed jars that will be deployed on platforms not supporting SHA256 and
-SHA256withRSA.
-</p>
-<h3>About timestamp signing</h3>
-
-<p>
-Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant since
-Ant 1.7. Ant does not yet support proxy setup for this signing process. 
-</p>
 
 
 

Modified: ant/core/trunk/manual/tasklist.html
URL: http://svn.apache.org/viewvc/ant/core/trunk/manual/tasklist.html?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/manual/tasklist.html (original)
+++ ant/core/trunk/manual/tasklist.html Sun Apr 28 00:53:08 2013
@@ -180,6 +180,7 @@
 <li><a href="Tasks/unzip.html">Unwar</a></li>
 <li><a href="Tasks/unzip.html">Unzip</a></li>
 <li><a href="Tasks/uptodate.html">Uptodate</a></li>
+<li><a href="Tasks/verifyjar.html">VerifyJar</a></li>
 <li><a href="Tasks/vss.html#tasks">Microsoft Visual SourceSafe Tasks</a></li>
 <li><a href="Tasks/waitfor.html">Waitfor</a></li>
 <li><a href="Tasks/war.html">War</a></li>

Modified: ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java
URL: http://svn.apache.org/viewvc/ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java (original)
+++ ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java Sun Apr
28 00:53:08 2013
@@ -67,6 +67,11 @@ public abstract class AbstractJarSignerT
      */
     protected boolean verbose;
     /**
+     * strict checking
+     * @since Ant 1.9.1
+     */
+    protected boolean strict = false;
+    /**
      * The maximum amount of memory to use for Jar signer
      */
     protected String maxMemory;
@@ -185,6 +190,15 @@ public abstract class AbstractJarSignerT
     }
 
     /**
+     * do strict checking
+     * @since Ant 1.9.1
+     * @param strict
+     */
+    public void setStrict(boolean strict) {
+        this.strict = strict;
+    }
+
+    /**
      * Adds a set of files to sign
      *
      * @param set a set of files to sign
@@ -289,6 +303,10 @@ public abstract class AbstractJarSignerT
             addValue(cmd, "-verbose");
         }
 
+        if (strict) {
+            addValue(cmd, "-strict");
+        }
+
         //now patch in all system properties
         for (Environment.Variable variable : sysProperties.getVariablesVector()) {
             declareSysProperty(cmd, variable);



Mime
View raw message