You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/06/09 10:57:06 UTC
[tomcat] branch 10.0.x updated: Enable detached signatures for Windows installer
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 07196a3c45 Enable detached signatures for Windows installer
07196a3c45 is described below
commit 07196a3c45fcb3810a5cdf329d4a7f975ec426b3
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Mar 23 12:56:57 2022 +0000
Enable detached signatures for Windows installer
---
build.xml | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/build.xml b/build.xml
index 2775b73fbc..840ae95ad5 100644
--- a/build.xml
+++ b/build.xml
@@ -2474,8 +2474,13 @@ skip.installer property in build.properties" />
<include name="*.bmp" />
<include name="*.ico" />
<include name="*.xml" />
+ <include name="Uninstall.exe.sig" />
</fileset>
</copy>
+ <copy file="res/install-win/tomcat-installer.exe.sig"
+ tofile="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
+ failonerror="false"
+ quiet="true" />
<copy file="${nsis.installoptions.dll}" todir="${tomcat.dist}" />
<copy file="${nsis.nsexec.dll}" todir="${tomcat.dist}" />
<copy file="${nsis.nsisdl.dll}" todir="${tomcat.dist}" />
@@ -2528,12 +2533,18 @@ skip.installer property in build.properties" />
<target name="-installer-sign-uninstaller"
unless="skip.installer" depends="-installer-create-uninstaller,setup-jsign"
if="${do.codesigning}">
+ <!-- If the detached signature doesn't exist, this will sign the file -->
+ <!-- and create the detached signature. If the detached signature does -->
+ <!-- exist it will be attached to the file. -->
<jsign file="${tomcat.dist}/Uninstall.exe"
storepass="${codesigning.storepass}"
storetype="${codesigning.storetype}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com"/>
+ tsaurl="http://timestamp.digicert.com"
+ detached="true"/>
+ <!-- Copy detached signature to source tree -->
+ <copy file="${tomcat.dist}/Uninstall.exe.sig" todir="res/install-win"/>
<!-- Reproducible builds: consistent timestamps for installer files -->
<touch datetime="${tstamp.file}" pattern="yyyy-MM-dd HH:mm:ss">
<fileset dir="${tomcat.dist}"/>
@@ -2565,7 +2576,12 @@ skip.installer property in build.properties" />
storetype="${codesigning.storetype}"
alias="${codesigning.alias}"
alg="${codesigning.digest}"
- tsaurl="http://timestamp.digicert.com"/>
+ tsaurl="http://timestamp.digicert.com"
+ detached="true" />
+ <!-- Copy detached signature to source tree -->
+ <copy file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
+ tofile="res/install-win/tomcat-installer.exe.sig"/>
+ <delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig" />
<!-- .exe has changed so need to redo checksums and OpenPGP signature -->
<delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.asc" />
<delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.sha512" />
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch 10.0.x updated: Enable detached signatures for Windows installer
Posted by Mark Thomas <ma...@apache.org>.
On 09/06/2022 14:13, Christopher Schultz wrote:
> Mark,
>
> On 6/9/22 06:57, markt@apache.org wrote:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt pushed a commit to branch 10.0.x
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>
>> The following commit(s) were added to refs/heads/10.0.x by this push:
>> new 07196a3c45 Enable detached signatures for Windows installer
>> 07196a3c45 is described below
>>
>> commit 07196a3c45fcb3810a5cdf329d4a7f975ec426b3
>> Author: Mark Thomas <ma...@apache.org>
>> AuthorDate: Wed Mar 23 12:56:57 2022 +0000
>>
>> Enable detached signatures for Windows installer
>> ---
>> build.xml | 20 ++++++++++++++++++--
>> 1 file changed, 18 insertions(+), 2 deletions(-)
>>
>> diff --git a/build.xml b/build.xml
>> index 2775b73fbc..840ae95ad5 100644
>> --- a/build.xml
>> +++ b/build.xml
>> @@ -2474,8 +2474,13 @@ skip.installer property in build.properties" />
>> <include name="*.bmp" />
>> <include name="*.ico" />
>> <include name="*.xml" />
>> + <include name="Uninstall.exe.sig" />
>> </fileset>
>> </copy>
>> + <copy file="res/install-win/tomcat-installer.exe.sig"
>> + tofile="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
>> + failonerror="false"
>> + quiet="true" />
>> <copy file="${nsis.installoptions.dll}" todir="${tomcat.dist}" />
>> <copy file="${nsis.nsexec.dll}" todir="${tomcat.dist}" />
>> <copy file="${nsis.nsisdl.dll}" todir="${tomcat.dist}" />
>> @@ -2528,12 +2533,18 @@ skip.installer property in build.properties" />
>> <target name="-installer-sign-uninstaller"
>> unless="skip.installer"
>> depends="-installer-create-uninstaller,setup-jsign"
>> if="${do.codesigning}">
>> + <!-- If the detached signature doesn't exist, this will sign the
>> file -->
>> + <!-- and create the detached signature. If the detached signature
>> does -->
>> + <!-- exist it will be attached to the
>> file. -->
>> <jsign file="${tomcat.dist}/Uninstall.exe"
>> storepass="${codesigning.storepass}"
>> storetype="${codesigning.storetype}"
>> alias="${codesigning.alias}"
>> alg="${codesigning.digest}"
>> - tsaurl="http://timestamp.digicert.com"/>
>> + tsaurl="http://timestamp.digicert.com"
>> + detached="true"/>
>
> Is the comment above accurate? This call to <jsign> looks like it should
> always create a detached signature and will never attach it.
Yes, the comment is correct.
In short the release process will be:
ant pre-release
ant release
tag
ant release
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat] branch 10.0.x updated: Enable detached signatures for Windows installer
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 6/9/22 06:57, markt@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch 10.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/10.0.x by this push:
> new 07196a3c45 Enable detached signatures for Windows installer
> 07196a3c45 is described below
>
> commit 07196a3c45fcb3810a5cdf329d4a7f975ec426b3
> Author: Mark Thomas <ma...@apache.org>
> AuthorDate: Wed Mar 23 12:56:57 2022 +0000
>
> Enable detached signatures for Windows installer
> ---
> build.xml | 20 ++++++++++++++++++--
> 1 file changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/build.xml b/build.xml
> index 2775b73fbc..840ae95ad5 100644
> --- a/build.xml
> +++ b/build.xml
> @@ -2474,8 +2474,13 @@ skip.installer property in build.properties" />
> <include name="*.bmp" />
> <include name="*.ico" />
> <include name="*.xml" />
> + <include name="Uninstall.exe.sig" />
> </fileset>
> </copy>
> + <copy file="res/install-win/tomcat-installer.exe.sig"
> + tofile="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
> + failonerror="false"
> + quiet="true" />
> <copy file="${nsis.installoptions.dll}" todir="${tomcat.dist}" />
> <copy file="${nsis.nsexec.dll}" todir="${tomcat.dist}" />
> <copy file="${nsis.nsisdl.dll}" todir="${tomcat.dist}" />
> @@ -2528,12 +2533,18 @@ skip.installer property in build.properties" />
> <target name="-installer-sign-uninstaller"
> unless="skip.installer" depends="-installer-create-uninstaller,setup-jsign"
> if="${do.codesigning}">
> + <!-- If the detached signature doesn't exist, this will sign the file -->
> + <!-- and create the detached signature. If the detached signature does -->
> + <!-- exist it will be attached to the file. -->
> <jsign file="${tomcat.dist}/Uninstall.exe"
> storepass="${codesigning.storepass}"
> storetype="${codesigning.storetype}"
> alias="${codesigning.alias}"
> alg="${codesigning.digest}"
> - tsaurl="http://timestamp.digicert.com"/>
> + tsaurl="http://timestamp.digicert.com"
> + detached="true"/>
Is the comment above accurate? This call to <jsign> looks like it should
always create a detached signature and will never attach it.
> + <!-- Copy detached signature to source tree -->
> + <copy file="${tomcat.dist}/Uninstall.exe.sig" todir="res/install-win"/>
> <!-- Reproducible builds: consistent timestamps for installer files -->
> <touch datetime="${tstamp.file}" pattern="yyyy-MM-dd HH:mm:ss">
> <fileset dir="${tomcat.dist}"/>
> @@ -2565,7 +2576,12 @@ skip.installer property in build.properties" />
> storetype="${codesigning.storetype}"
> alias="${codesigning.alias}"
> alg="${codesigning.digest}"
> - tsaurl="http://timestamp.digicert.com"/>
> + tsaurl="http://timestamp.digicert.com"
> + detached="true" />
> + <!-- Copy detached signature to source tree -->
> + <copy file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
> + tofile="res/install-win/tomcat-installer.exe.sig"/>
> + <delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.sig" />
> <!-- .exe has changed so need to redo checksums and OpenPGP signature -->
> <delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.asc" />
> <delete file="${tomcat.release}/v${version}/bin/${final.name}.exe.sha512" />
>
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org