directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pierre-Arnaud Marcelot" ...@marcelot.net>
Subject Re: [Studio] Maven Build - New jars to deploy on Studio's Maven repository
Date Wed, 16 Jan 2008 06:33:05 GMT
The META-INF/ECLIPSE.RSA seems to be the Certificate used to sign the jar.

The checksums can be found in the MANIFEST.MF and the ECLIPSE.SF files.

Regards,
Pierre-Arnaud

On Jan 15, 2008 11:21 PM, Felix Knecht <felixk@apache.org> wrote:

> Pierre-Arnaud Marcelot schrieb:
> > On Jan 15, 2008 12:09 PM, Felix Knecht <felixk@apache.org
> > <mailto:felixk@apache.org>> wrote:
> >
> >     3°/ We can remove the sha and md5 checksum files from the
> repository,
> >     but this works only if eclipse doesn't has any internal checksums.
> >
> >
> > Unfortunaltely, the SHA1  checksum we are talking about is inside the
> > jar... In the manifest and other files...
>
> Are we talking about i.e. org.eclipse.search_3.3.1.r331_v20070831_0800.jar
> META-INF/ECLIPSE.RSA ?
>
> Looks to me as created with a Verisign Certificate (which we hardly have):
>
> cat META-INF/ECLIPSE.RSA
> 10      H÷
> 0*H÷
>        *H÷
> 0_1<0¥pº*H÷4¶8Ê{̺¿0
>    0    UUS10U
> VeriSign, Inc.1705U
> 280801235959Z0_1   .Class 3 Public Primary Certification Authority0
>                 0       UUS10U
> VeriSign, Inc.1705U
> 0É\Yò´ß@ÛãW¯jE@    .Class 3 Public Primary Certification Authority00
>
>                Ñ3ÙÙÏîX%÷*¨Dªìx¹ª#}Ö¬¢cEÇr'ÌôLÆuqÒ9ïOBðuß
> »L+Ï,&OݦûüÉç± ËS¥ç=¾}þ$E3Üví¢qdLe.hE§0
> 0_10(
> A¡*H÷ßÏIef8LuÂ0SðNÖ&ÀvW^!ñѱÿçÐ!XÍiãDD9\ÜVí¢EL令=ð2ñÎøèÉQæbæÀ}·rÉ6:kN¨ÿd
>    0    UUS10U
> VeriSign, Inc.1705U
> 140715235959Z0´1   .Class 3 Public Primary Certification Authority0
>                 0       UUS10U
> VeriSign, Inc.10U
>                  VeriSign Trust Network1;09U
> 0       *H÷                                 2Terms of use at
> https://www.verisign.com/rpa (c)041.0,U%VeriSign Class 3
> Code Signing 2004 CA0"0
>
> <snip />
>
> Felix
>

Mime
View raw message