commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <>
Subject Re: [compress] Pack200
Date Mon, 05 Sep 2011 11:19:50 GMT
On 2011-09-05, Emmanuel Bourg wrote:

> That looks interesting. Does it provide a repack mode suitable for
> signing compressed jars?

I assume you mean

| Note that packing and unpacking a JAR will in general alter the bytewise
| contents of classfiles in the JAR. This means that packing and unpacking
| will in general invalidate any digital signatures which rely on bytewise
| images of JAR elements. In order both to sign and to pack a JAR, you
| must first pack and unpack the JAR to "normalize" it, then compute
| signatures on the unpacked JAR elements, and finally repack the signed
| JAR. Both packing steps should use precisely the same options, and the
| segment limit may also need to be set to "-1", to prevent accidental
| variation of segment boundaries as class file sizes change slightly. 

as in

I think the "normalization" step could be part of a util class inside
the package.  Some utility method that takes a JAR, packs it and unpacks
it again to a new jar that would then need to get signed.  Signing
itself seems outside of compress' scope to me.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message