ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <bode...@apache.org>
Subject Re: [signjar] prevent double signing
Date Fri, 05 Nov 2004 07:48:19 GMT
On Thu, 04 Nov 2004, T. E. Schmitz <mailreg@numerixtechnology.de>
wrote:

> Now we're talking ... ;-)

8-)

All I said so far was only based on reading the source itself.  "Real"
information can and should be gathered from
<http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html> and in
particular
<http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html#Signed%20JAR%20File>


> But before I ask how I could obtain this information, let's go one
> step back: I originally assumed that the "lazy" attribute would
> exactly that for me: just sign the jar if it is unsigned and skipped
> the signed ones.

This is correct.  You "just" need to ensure it is signed with the same
alias you provided.

As for the case sensitivity question in your other mail.  First make
sure that you are not using WinZIP to verify the case of file names.
<http://ant.apache.org/faq.html#winzip-lies> applies to any archives,
not only those created by Ant.

The JAR spec says that any tool creating jars should use an all upper
case META-INF directory and the first sentence under the headline
"Signature File" in the JAR specification says

,----
| Each signer is represented by a signature file with extension .SF.
`----

So "all upper case" looks fine at first glance.  And I'd be surprised
if jarsigner didn't work as we expect it to do.

The spec also says that META-INF should be accepted by a jar reader in
any case - so here we are not as forgiving as we should be in the
signjar task.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message