SignJar Task

Return-Path: X-Original-To: apmail-ant-notifications-archive@minotaur.apache.org Delivered-To: apmail-ant-notifications-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8BE0D1044E for ; Sun, 28 Apr 2013 00:53:31 +0000 (UTC) Received: (qmail 18644 invoked by uid 500); 28 Apr 2013 00:53:31 -0000 Delivered-To: apmail-ant-notifications-archive@ant.apache.org Received: (qmail 18558 invoked by uid 500); 28 Apr 2013 00:53:31 -0000 Mailing-List: contact notifications-help@ant.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ant.apache.org Delivered-To: mailing list notifications@ant.apache.org Received: (qmail 18545 invoked by uid 99); 28 Apr 2013 00:53:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 28 Apr 2013 00:53:31 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 28 Apr 2013 00:53:29 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 3E09B23888E4 for ; Sun, 28 Apr 2013 00:53:09 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1476700 - in /ant/core/trunk: WHATSNEW manual/Tasks/signjar.html manual/Tasks/verifyjar.html manual/tasklist.html src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java Date: Sun, 28 Apr 2013 00:53:08 -0000 To: notifications@ant.apache.org From: antoine@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130428005309.3E09B23888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: antoine Date: Sun Apr 28 00:53:08 2013 New Revision: 1476700 URL: http://svn.apache.org/r1476700 Log: adding strict attribute to signjar task, PR 54889 Added: ant/core/trunk/manual/Tasks/verifyjar.html - copied, changed from r1476697, ant/core/trunk/manual/Tasks/signjar.html Modified: ant/core/trunk/WHATSNEW ant/core/trunk/manual/Tasks/signjar.html ant/core/trunk/manual/tasklist.html ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java Modified: ant/core/trunk/WHATSNEW URL: http://svn.apache.org/viewvc/ant/core/trunk/WHATSNEW?rev=1476700&r1=1476699&r2=1476700&view=diff ============================================================================== --- ant/core/trunk/WHATSNEW (original) +++ ant/core/trunk/WHATSNEW Sun Apr 28 00:53:08 2013 @@ -24,6 +24,9 @@ Fixed bugs: Other changes: -------------- + * strict attribute added to . + Bugzilla Report 54889. + Changes from Ant 1.8.4 TO Ant 1.9.0 =================================== @@ -127,7 +130,8 @@ Other changes: archives using Zip64 extensions (files and archives bigger that 4GB and with more that 64k entries). - * a new task can be used to configure the + * a new task can be used to configure the CommandLauncher used by Ant when forking external programs or new Java VMs. Bugzilla Report 52706. Modified: ant/core/trunk/manual/Tasks/signjar.html URL: http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/signjar.html?rev=1476700&r1=1476699&r2=1476700&view=diff ============================================================================== --- ant/core/trunk/manual/Tasks/signjar.html (original) +++ ant/core/trunk/manual/Tasks/signjar.html Sun Apr 28 00:53:08 2013 @@ -100,6 +100,11 @@ and lazy is false, the JAR is s No; default false + strict + (true | false) strict checking when signing.
since Ant 1.9.1. + No; default false + + internalsf (true | false) include the .SF file inside the signature block Copied: ant/core/trunk/manual/Tasks/verifyjar.html (from r1476697, ant/core/trunk/manual/Tasks/signjar.html) URL: http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/verifyjar.html?p2=ant/core/trunk/manual/Tasks/verifyjar.html&p1=ant/core/trunk/manual/Tasks/signjar.html&r1=1476697&r2=1476700&rev=1476700&view=diff ============================================================================== --- ant/core/trunk/manual/Tasks/signjar.html (original) +++ ant/core/trunk/manual/Tasks/verifyjar.html Sun Apr 28 00:53:08 2013 @@ -19,31 +19,18 @@ -SignJar Task +VerifyJar Task -

SignJar

VerifyJar

Description

Signs JAR files with the jarsigner command line tool. -It will take a named file in the jar attribute, and an optional -destDir or signedJar attribute. Nested paths are also -supported; here only an (optional) destDir is allowed. If a destination -directory or explicit JAR file name is not provided, JARs are signed in place. +

Verifies JAR files with the jarsigner command line tool. +It will take a named file in the jar attribute. Nested paths are also +supported

-Dependency rules -

Nonexistent destination JARs are created/signed
Out of date destination JARs are created/signed
If a destination file and a source file are the same, -and lazy is true, the JAR is only signed if it does not -contain a signature by this alias.
If a destination file and a source file are the same, -and lazy is false, the JAR is signed.

Parameters

@@ -54,13 +41,13 @@ and lazy is false, the JAR is s - + - + @@ -84,37 +71,18 @@ and lazy is false, the JAR is s - - - - - - - - - - - - - - - - - + + - - + + - - + + @@ -124,24 +92,6 @@ block - - - - - - - - - - - - - - - since Ant 1.8.0. - - - - - - - - - - - - - - -

jar	the jar file to sign	the jar file to verify	Yes, unless nested paths have been used.
alias	the alias to sign under	the alias to verify under	Yes.
No
sigfile	name of .SF/.DSA file	No
signedjar	name of signed JAR file. This can only be set when - the `jar` attribute is set.	No.
verbose	(true \| false) verbose output when signing	No; default false
internalsf	(true \| false) include the .SF file inside the signature -block	certificates	(true \| false) display information about certificates	No; default false
sectionsonly	(true \| false) don't compute hash of entire manifest	verbose	(true \| false) verbose output when verifying	No; default false
lazy	flag to control whether the presence of a signature - file means a JAR is signed. This is only used when the target JAR matches - the source JAR	strict	(true \| false) strict checking when verifying. since Ant 1.9.1.	No; default false
No
preservelastmodified	Give the signed files the same last modified - time as the original jar files.	No; default false.
tsaurl	URL for a timestamp authority for timestamped - JAR files in Java1.5+	No
tsacert	alias in the keystore for a timestamp authority for - timestamped JAR files in Java1.5+	No
executable	Specify a particular `jarsigner` executable to use in place of the default binary (found in the same JDK as @@ -151,23 +101,6 @@ block	No
force	Whether to force signing of the jar file even if - it doesn't seem to be out of date or already signed. - since Ant 1.8.0.	No; default false
sigalg	name of signature algorithm	No
digestalg	name of digest algorithm	No

Parameters as nested elements

@@ -178,20 +111,15 @@ block - + - + - - - - - @@ -202,69 +130,13 @@ block

Examples

-<signjar jar="${dist}/lib/ant.jar"
+<verifyjar jar="${dist}/lib/ant.jar"
 alias="apache-group" storepass="secret"/>

- signs the ant.jar with alias "apache-group" accessing the + verifies the ant.jar with alias "apache-group" accessing the keystore and private key via "secret" password.

-<signjar destDir="signed"
-    alias="testonly" keystore="testkeystore"
-    storepass="apacheant"
-    preservelastmodified="true">
-  <path>
-    <fileset dir="dist" includes="**/*.jar" />
-  </path>
-  <flattenmapper />
-</signjar>
-

-Sign all JAR files matching the dist/**/*.jar pattern, copying them to the -directory "signed" afterwards. The flatten mapper means that they will -all be copied to this directory, not to subdirectories. - -

-<signjar
-    alias="testonly" keystore="testkeystore"
-    storepass="apacheant"
-    lazy="true"
-    >
-  <path>
-    <fileset dir="dist" includes="**/*.jar" />
-  </path>
-</signjar>
-

-Sign all the JAR files in dist/**/*.jar in-situ. Lazy signing is used, -so the files will only be signed if they are not already signed. -

-<signjar
-    alias="testonly" keystore="testkeystore"
-    storepass="apacheant"
-    sigalg="MD5withRSA"
-    digestalg="SHA1">
-  <path>
-    <fileset dir="dist" includes="**/*.jar" />
-  </path>
-</signjar>
-

-Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the -signature algorithm MD5withRSA. This is especially useful when you want to use -the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create -signed jars that will be deployed on platforms not supporting SHA256 and -SHA256withRSA. -

About timestamp signing

- -

-Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant since -Ant 1.7. Ant does not yet support proxy setup for this signing process. -

Modified: ant/core/trunk/manual/tasklist.html URL: http://svn.apache.org/viewvc/ant/core/trunk/manual/tasklist.html?rev=1476700&r1=1476699&r2=1476700&view=diff ============================================================================== --- ant/core/trunk/manual/tasklist.html (original) +++ ant/core/trunk/manual/tasklist.html Sun Apr 28 00:53:08 2013 @@ -180,6 +180,7 @@

Microsoft Visual SourceSafe Tasks

Waitfor

War

Modified: ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java URL: http://svn.apache.org/viewvc/ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java?rev=1476700&r1=1476699&r2=1476700&view=diff ============================================================================== --- ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java (original) +++ ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java Sun Apr 28 00:53:08 2013 @@ -67,6 +67,11 @@ public abstract class AbstractJarSignerT */ protected boolean verbose; /** + * strict checking + * @since Ant 1.9.1 + */ + protected boolean strict = false; + /** * The maximum amount of memory to use for Jar signer */ protected String maxMemory; @@ -185,6 +190,15 @@ public abstract class AbstractJarSignerT } /** + * do strict checking + * @since Ant 1.9.1 + * @param strict + */ + public void setStrict(boolean strict) { + this.strict = strict; + } + + /** * Adds a set of files to sign * * @param set a set of files to sign @@ -289,6 +303,10 @@ public abstract class AbstractJarSignerT addValue(cmd, "-verbose"); } + if (strict) { + addValue(cmd, "-strict"); + } + //now patch in all system properties for (Environment.Variable variable : sysProperties.getVariablesVector()) { declareSysProperty(cmd, variable);

path	path of JAR files to sign. since Ant 1.7	path of JAR files to verify. since Ant 1.7	No
fileset	fileset of JAR files to sign.	fileset of JAR files to verify.	No
mapper	A mapper to rename jar files during signing	No, and only one can be supplied
sysproperty	JVM system properties, with the syntax of Ant environment variables