You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/08/17 20:08:20 UTC
[tomcat] branch main updated: Update to JSign 4.0 to remove
dependency on client tools.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 16c684b Update to JSign 4.0 to remove dependency on client tools.
16c684b is described below
commit 16c684befa797faac0697adb15bd6911f27feed6
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Aug 17 21:08:12 2021 +0100
Update to JSign 4.0 to remove dependency on client tools.
---
build.properties.default | 15 +++++++--------
build.xml | 12 +++++-------
webapps/docs/changelog.xml | 4 ++++
3 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index bc8bc41..6b3dc24 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -79,11 +79,10 @@ gpg.exec=/path/to/gpg
# Code signing of Windows installer
# See https://infra.apache.org/digicert-use.html for setup instructions
do.codesigning=false
-codesigning.pkcs11properties=${user.home}/.digicertone/pkcs11properties.cfg
-codesigning.alias=Tomcat-PMC-key-2021-04
+codesigning.alias=Tomcat-PMC-cert-2021-04
codesigning.digest=SHA-512
-codesigning.storetype=PKCS11
-codesigning.storepass=NONE
+codesigning.storetype=DIGICERTONE
+codesigning.storepass=set-this-in-build.properties
# ----- Settings to use when downloading files -----
trydownload.httpusecaches=true
@@ -325,13 +324,13 @@ migration-lib.home=${base.path}/migration-${migration-lib.version}
migration-lib.jar=${migration-lib.home}/jakartaee-migration-${migration-lib.version}-shaded.jar
migration-lib.loc=${base-maven.loc}/org/apache/tomcat/jakartaee-migration/${migration-lib.version}/jakartaee-migration-${migration-lib.version}-shaded.jar
-# ----- JSign, version 3.1 or later -----
-jsign.version=3.1
+# ----- JSign, version 4.0 or later -----
+jsign.version=4.0
-# checksums for JSign 3.1
+# checksums for JSign 4.0
jsign.checksum.enable=true
jsign.checksum.algorithm=MD5|SHA-1
-jsign.checksum.value=ed924fc86b7abe1dfe22fd8fd7e4c417|5736035f64805b2760a41ebc1ff11523f666f2c7
+jsign.checksum.value=50982facf864df4f08a051b43f7d2e42|3d203fbffdc45e837f98b7c9c5d311b615661a75
jsign.home=${base.path}/jsign-${jsign.version}
jsign.jar=${jsign.home}/jsign-${jsign.version}.jar
diff --git a/build.xml b/build.xml
index b0a5da6..fd96d8d 100644
--- a/build.xml
+++ b/build.xml
@@ -2596,7 +2596,6 @@ skip.installer property in build.properties" />
unless="skip.installer" depends="-installer-create-uninstaller,setup-jsign"
if="${do.codesigning}">
<jsign file="${tomcat.dist}/Uninstall.exe"
- keystore="${codesigning.pkcs11properties}"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
alias="${codesigning.alias}"
@@ -2625,12 +2624,11 @@ skip.installer property in build.properties" />
description="Builds and optionally signs the Windows installer"
depends="-installer,setup-jsign" if="${do.codesigning}" >
<jsign file="${tomcat.release}/v${version}/bin/${final.name}.exe"
- keystore="${codesigning.pkcs11properties}"
- storepass="NONE"
- storetype="PKCS11"
- alias="${codesigning.alias}"
- alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com"/>
+ storepass="${codesigning.storepass}"
+ storetype="${codesigning.storetype}"
+ alias="${codesigning.alias}"
+ alg="${codesigning.digest}"
+ tsaurl="http://timestamp.digicert.com"/>
<!-- .exe has changed so need to redo checksums and OpenPGP signature -->
<delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.asc" />
<delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.sha512" />
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 90b4343..6a741f7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -173,6 +173,10 @@
Fix failing build when building on non-English locales. Pull request
<pr>441</pr> provided by Dachuan J. (markt)
</fix>
+ <update>
+ Update to JSign version 4.0 to enable code signing without the need for
+ the installation of additional client tools. (markt)
+ </update>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch main updated: Update to JSign 4.0 to remove
dependency on client tools.
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 8/17/21 17:30, Mark Thomas wrote:
> On 17/08/2021 21:08, markt@apache.org wrote:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt pushed a commit to branch main
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>
>> The following commit(s) were added to refs/heads/main by this push:
>> new 16c684b Update to JSign 4.0 to remove dependency on client
>> tools.
>
> Woot!
>
> Once I managed to get wine working correctly on MacOS, I was able to
> build a complete 10.1.x release - including signed installer for Windows
> - on MacOS. :)
>
> Wine on MacOs steps have been added to the wiki.
>
> I'll backport the JSign 4 updates shortly.
Awesome. Building on a Windows VM has really been cramping my style, if
only because Windows CLIs super suck, even when they are bash.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch main updated: Update to JSign 4.0 to remove
dependency on client tools.
Posted by Mark Thomas <ma...@apache.org>.
On 17/08/2021 21:08, markt@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch main
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/main by this push:
> new 16c684b Update to JSign 4.0 to remove dependency on client tools.
Woot!
Once I managed to get wine working correctly on MacOS, I was able to
build a complete 10.1.x release - including signed installer for Windows
- on MacOS. :)
Wine on MacOs steps have been added to the wiki.
I'll backport the JSign 4 updates shortly.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org