You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ant.apache.org by T E Schmitz <ma...@numerixtechnology.de> on 2004/11/03 15:26:28 UTC
[signjar] prevent double signing
Hello,
I am using the signjar task to sign a set of jar files for a WebStart
application. Some of the jars have already been signed by Sun (e.g.
mail.jar) and as a jar mustn't have more than one signature I need to
exclude those files from being signed.
I misunderstood and tried the "lazy" attribute but it only prevents
re-signing with the same signature.
a) Is there a means of determining which jars are signed with the
purpose of building an exclude list?
b) I would like the signed jar to bear the same modification date as the
original. I can't see any means of obtaining a file's modification date
in order to touch the new file with it.
Thanks in advance for any ideas.
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
T E Schmitz wrote:
> That's strange. This is not the output I'm getting (I'm using Sun's SDK
> 1.4.2_01 on Win2K).
>
> For an unsigned jar, jarsigner returns:
> "jarsigner: java.lang.IllegalStateException: zip file closed"
Known bug in Java 2 SDK 1.4.2, see
http://java.sun.com/j2se/1.4.2/relnotes.html#jarsigner
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Stefan Bodewig <bo...@apache.org>.
On Fri, 05 Nov 2004, T. E. Schmitz <ma...@numerixtechnology.de>
wrote:
> Thanks for the links. I couldn't find any information though as to
> that and why jarsigner truncates the alias: jarsigner takes the
> alias name, truncates it to 8 characters and uses this as a basename
> for the SF file.
I just stumbled over this[1], you may want to use a vote on it 8-)
> Back to my original question: can I avoid that a jar might be signed
> with more than one signature?
Not yet. It would be rather easy to use ZipFile to look into the
archive, from inside a custom condition, for example.
> So, I either write my first Ant task or I use the dirty option of
> extracting all files and testing for the existance of an SF file :-(
I'd go for a condition.
>> <http://ant.apache.org/faq.html#winzip-lies> applies to any
>> archives, not only those created by Ant.
>
> I realized this, too, last night and I must say I was totally
> flummoxed. Serves me right for using Winblows. In German I'd call
> this a case of "Volksverdummung".
I wouldn't go that far. It's more yet another case of "we know what
is good for you" that seems to be prevalent in certain OSes.
To me it's closer to "Bevormundung" with some "das muß Sie nicht
interessieren" thrown in.
Stefan
Footnotes:
[1] http://issues.apache.org/bugzilla/show_bug.cgi?id=30517
--
http://stefanbodewig.blogger.de/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
Hallo Stefan,
Stefan Bodewig wrote:
> On Thu, 04 Nov 2004, T. E. Schmitz <ma...@numerixtechnology.de>
> wrote:
>
> information can and should be gathered from
> <http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html> and in
> particular
> <http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html#Signed%20JAR%20File>
Thanks for the links. I couldn't find any information though as to that
and why jarsigner truncates the alias: jarsigner takes the alias name,
truncates it to 8 characters and uses this as a basename for the SF file.
This is where signjar's lazy option falls down. I have just tested this:
If lazy=true signjar will not re-sign the jar with the same signature.
It will, however, sign a signed jar if the basename of the SF file is
different from the given alias. (It would be great if this could be
stated more explicitly in the Ant manual.)
The following example uses an alias longer than 8 chars. The comparison
in isSigned() will return false (and therefore re-sign the jar) because
the existing SF file is called EMORDES-.SF.
<signjar keystore="${java.keystore}" storepass="${keystore.passwd}"
alias="emordes-stock" lazy="true" jar="util.jar" />
While keystore permits alias names longer than 8, jarsigner truncates
the SF file basename to 8. In other words, the lazy option cannot work
with aliases longer than 8 chars.
(Not to mention the fact that jarsigner couldn't sign a jar with two
signatures the alias name of which is not unique on the fist 8 chars?!)
=========================
Back to my original question: can I avoid that a jar might be signed
with more than one signature? *Webstart won't allow jar with more than
one signature.* (I realize now that my subject line was a bit ambiguous.)
The answer is: even with short alias names, the lazy option wouldn't be
able to do that because it just avoids re-signing with the same signature.
I presume this is too specialist a requirement to incorporate this logic
in the signjar task because then we would need two different isSigned()
methods. OTOH, other people using WebStart will encounter the same issue.
So, I either write my first Ant task or I use the dirty option of
extracting all files and testing for the existance of an SF file :-(
> As for the case sensitivity question in your other mail. First make
> sure that you are not using WinZIP to verify the case of file names.
> <http://ant.apache.org/faq.html#winzip-lies> applies to any archives,
> not only those created by Ant.
I realized this, too, last night and I must say I was totally flummoxed.
Serves me right for using Winblows. In German I'd call this a case of
"Volksverdummung". Unbeliavable what "features" some people come up with.
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Stefan Bodewig <bo...@apache.org>.
On Thu, 04 Nov 2004, T. E. Schmitz <ma...@numerixtechnology.de>
wrote:
> Now we're talking ... ;-)
8-)
All I said so far was only based on reading the source itself. "Real"
information can and should be gathered from
<http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html> and in
particular
<http://java.sun.com/j2se/1.3/docs/guide/jar/jar.html#Signed%20JAR%20File>
> But before I ask how I could obtain this information, let's go one
> step back: I originally assumed that the "lazy" attribute would
> exactly that for me: just sign the jar if it is unsigned and skipped
> the signed ones.
This is correct. You "just" need to ensure it is signed with the same
alias you provided.
As for the case sensitivity question in your other mail. First make
sure that you are not using WinZIP to verify the case of file names.
<http://ant.apache.org/faq.html#winzip-lies> applies to any archives,
not only those created by Ant.
The JAR spec says that any tool creating jars should use an all upper
case META-INF directory and the first sentence under the headline
"Signature File" in the JAR specification says
,----
| Each signer is represented by a signature file with extension .SF.
`----
So "all upper case" looks fine at first glance. And I'd be surprised
if jarsigner didn't work as we expect it to do.
The spec also says that META-INF should be accepted by a jar reader in
any case - so here we are not as forgiving as we should be in the
signjar task.
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
Hello Stefan/Ivan,
Stefan Bodewig wrote:
> On Thu, 4 Nov 2004, Ivan Ivanov <ra...@yahoo.com> wrote:
>
>
>>Actually, there *is* a method called isSigned(File) that checks
>>whether a jar is signed, so what you want *is* possible.
>
>
> A signed jar contains the signature in a file named ALIAS.SF (ALIAS is
> a placeholder here) inside of the META-INF directory. All the code in
> signjar does is checking for this file.
>
> It doesn not check whether the file contains anything useful or the
> signature is valid.
Now we're talking ... ;-)
But before I ask how I could obtain this information, let's go one step
back: I originally assumed that the "lazy" attribute would exactly that
for me: just sign the jar if it is unsigned and skipped the signed ones.
But I've tried it with filesets and named files, it doesn't matter what
- the jar *always* gets signed.
Am I misunderstanding the lazy attribute or what might be wrong with the
following? (mail.jar is signed by Sun):
<signjar keystore="${java.keystore}" storepass="${keystore.passwd}"
alias="${key.alias}" verbose="true" lazy="true"
jar="${dist.dir}/${mail.jar}"/>
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
Sorry to bombard you with yet another posting ;-)
T E Schmitz wrote:
>
> And why the hell toUpperCase()?
> The jars signed by Sun contain a mixed case SF file (Sun_micr.sf). The
> ones I signed with the signjar task produce a mixed case SF file, too.
> In fact, in both cases the SF extension is *lowercase* while SIG_END is
> uppercase.
I just did a quick test "by hand", ie with jarsigner, SDK 1.4.2_01 on Win2K:
jarsigner -keystore keystore -signedjar util-test.jar util.jar efordes-stock
jarsigner creates meta-inf/Efordes-.sf; in other words first letter
toUpper and alias truncated to 8 characters.
--
Tarlika
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
Hello again,
Stefan Bodewig wrote:
> On Thu, 4 Nov 2004, Ivan Ivanov <ra...@yahoo.com> wrote:
>
> A signed jar contains the signature in a file named ALIAS.SF (ALIAS is
> a placeholder here) inside of the META-INF directory. All the code in
> signjar does is checking for this file.
>
> It doesn not check whether the file contains anything useful or the
> signature is valid.
> Should have been in there for longer. Let's see
> <http://cvs.apache.org/viewcvs.cgi/ant/src/main/org/apache/tools/ant/taskdefs/SignJar.java?r1=1.7&r2=1.8>
> has been added for Ant 1.4.
I had a brief look at the source code of isSigned(). It looks to me as
though the method looks for a specific .SF file if alias is set (is this
the alias passed to the signjar task?).
if (null == alias) {
<snip>
} else {
return jarFile.getEntry(SIG_START + alias.toUpperCase()
+ SIG_END) != null;
And why the hell toUpperCase()?
The jars signed by Sun contain a mixed case SF file (Sun_micr.sf). The
ones I signed with the signjar task produce a mixed case SF file, too.
In fact, in both cases the SF extension is *lowercase* while SIG_END is
uppercase.
Also, it looks to me as though isSigned() is always looking for
META-INF/<alias>.SF. Or is the alias not mandatory?
PS: this is not meant to be a criticism, but it would be good if the
documentation explained explicitly whether the lazy option checks if the
jar is signed with any signature or with the signature about to be added.
--
Regards/Gruß,
Tarlika
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Ivan Ivanov <ra...@yahoo.com>.
--- Stefan Bodewig <bo...@apache.org> wrote:
>
> A signed jar contains the signature in a file named
> ALIAS.SF (ALIAS is
> a placeholder here) inside of the META-INF
> directory.
Well, Stefan, having in mind your remark, the original
requestor has the following "dirty" solution simply
unjar in a temp dir the jar, check for the
availability of ALIAS.SF and if present, does not sign
the jar; else signs it.
> All the code in signjar does is checking for this
> file.
> It doesn not check whether the file contains
> anything useful or the
> signature is valid.
The cleaner solution is to use SignJar.isSigned(File)
(maybe in a custom ant task) to check the jar.
>
> Should have been in there for longer. Let's see
>
<http://cvs.apache.org/viewcvs.cgi/ant/src/main/org/apache/tools/ant/taskdefs/SignJar.java?r1=1.7&r2=1.8>
> has been added for Ant 1.4.
>
> Stefan
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@ant.apache.org
> For additional commands, e-mail:
> user-help@ant.apache.org
>
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Stefan Bodewig <bo...@apache.org>.
On Thu, 4 Nov 2004, Ivan Ivanov <ra...@yahoo.com> wrote:
> Actually, there *is* a method called isSigned(File) that checks
> whether a jar is signed, so what you want *is* possible.
A signed jar contains the signature in a file named ALIAS.SF (ALIAS is
a placeholder here) inside of the META-INF directory. All the code in
signjar does is checking for this file.
It doesn not check whether the file contains anything useful or the
signature is valid.
> not I am sure whether this method is in older versions of
> Ant.
Should have been in there for longer. Let's see
<http://cvs.apache.org/viewcvs.cgi/ant/src/main/org/apache/tools/ant/taskdefs/SignJar.java?r1=1.7&r2=1.8>
has been added for Ant 1.4.
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Ivan Ivanov <ra...@yahoo.com>.
Helo Tarlika,
--- T E Schmitz <ma...@numerixtechnology.de> wrote:
>
>
> That's strange. This is not the output I'm getting
> (I'm using Sun's SDK
> 1.4.2_01 on Win2K).
>
> For an unsigned jar, jarsigner returns:
> "jarsigner: java.lang.IllegalStateException: zip
> file closed"
>
> For a signed jar, jarsigner returns:
> "Note: This jar contains unsigned entries which are
> not
> integrity-checked. Re-run with -verbose to list
> unsigned entries."
> When I look at the MANIFEST, I find that all the
> classes in the jar are
> signed but not the directories.
I am using Ant1.6.2 with JDK 1.4.2_04.
> That's what I am doing just now - I was just
> wondering whether there
> might have been a better solution I had overlooked.
>
> Like you, I keep the 3rd party jars in a separate
> directory. But some of
> them are already signed by Sun and mustn't be signed
> again when used
> with Java WebStart. The unsigned 3rd party jars,
> however, have to be signed.
>
> --
Hm, I just had a look at the sources of SignJar task,
taken from Ant's CVS HEAD. Actually, there *is* a
method called isSigned(File) that checks whether a jar
is signed, so what you want *is* possible. However, I
have not either followed the complete logic of SignJar
sources not I am sure whether this method is in older
versions of Ant.
>
>
> Regards/Gru�,
>
> Tarlika Elisabeth Schmitz
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@ant.apache.org
> For additional commands, e-mail:
> user-help@ant.apache.org
>
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
Hello Ivan,
Ivan Ivanov wrote:
> --- T E Schmitz <ma...@numerixtechnology.de> wrote:
>>I'm still looking to find out if you can determine
>>whether a jar file is already signed or not.
> In fact there is a way, but I do not know how it will
> work with Ant: jarsigner command line tool has -verify
> option. When run on signed jar:
> jarsigner -verify signed.jar
> it echoes
> jar verified
> and when run on unsigned jar
> jarsigner -verify unsigned.jar
> it echoes
> jar is unsigned. (signatures missing or not parsable).
That's strange. This is not the output I'm getting (I'm using Sun's SDK
1.4.2_01 on Win2K).
For an unsigned jar, jarsigner returns:
"jarsigner: java.lang.IllegalStateException: zip file closed"
For a signed jar, jarsigner returns:
"Note: This jar contains unsigned entries which are not
integrity-checked. Re-run with -verbose to list unsigned entries."
When I look at the MANIFEST, I find that all the classes in the jar are
signed but not the directories.
> Next idea that comes to me is that your third party
> jars are not likely to changed every day. So why don't
> you list them explicitly and exclude them when you
> call <signjar> task?
That's what I am doing just now - I was just wondering whether there
might have been a better solution I had overlooked.
Like you, I keep the 3rd party jars in a separate directory. But some of
them are already signed by Sun and mustn't be signed again when used
with Java WebStart. The unsigned 3rd party jars, however, have to be signed.
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Ivan Ivanov <ra...@yahoo.com>.
--- T E Schmitz <ma...@numerixtechnology.de> wrote:
> I'm still looking to find out if you can determine
> whether a jar file is
> already signed or not.
In fact there is a way, but I do not know how it will
work with Ant: jarsigner command line tool has -verify
option. When run on signed jar:
jarsigner -verify signed.jar
it echoes
jar verified
and when run on unsigned jar
jarsigner -verify unsigned.jar
it echoes
jar is unsigned. (signatures missing or not parsable).
Next idea that comes to me is that your third party
jars are not likely to changed every day. So why don't
you list them explicitly and exclude them when you
call <signjar> task?
HTH Ivan
> I had a look at the commandline tool jarsigner. But
> that comes back with
> "jarsigner: java.lang.IllegalStateException: zip
> file closed" when there
> is no signature.
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Ivan Ivanov <ra...@yahoo.com>.
--- T E Schmitz <ma...@numerixtechnology.de> wrote:
> Hello Ivan,
> Thank you for your help.
>
>
> Touch and the script below worked a treat!
> Maybe we should also mention for people searching
> the archive that the
> following libraries need to be in Ant's classpath:
>
> Jakarta BSF 2.3.0
> Rhino 1.5R3
> ----------------------
It has already been mentioned several times in the
list and in the documentation (Library Dependencies
section).
>
> I'm still looking to find out if you can determine
> whether a jar file is
> already signed or not.
I had not idea how to do it. All I can tell is that I
keep thridy party jars and the jars which I build in
separate folders so when I want to sign my jars they
are not mixed with the third party ones.
> I had a look at the commandline tool jarsigner. But
> that comes back with
> "jarsigner: java.lang.IllegalStateException: zip
> file closed" when there
> is no signature.
>
>
> > --- Ivan Ivanov <ra...@yahoo.com>
> wrote:
> >
> >>to get the file modified date you can use
> something
> >>like this:
> >>
> >><project>
> >>
> >> <scriptdef name="getlm"
> language="javascript">
> >> ....
> >> </scriptdef>
> >>
> >></project>
> >>
>
> >>I borrowed the above script from a previous thread
> >>in
> >>ant's mailing list called Ant Get FileSize using
> >>exec?. You can see it for the original source.
>
> I had seen the original script but somehow I didn't
> put 1+1 together.
> Never used the option al tasks before ;-)
>
>
> >>--- T E Schmitz <ma...@numerixtechnology.de>
> >>wrote:
> >>
> >>
> >>>a) Is there a means of determining which jars are
> >>>signed with the
> >>>purpose of building an exclude list?
> >>>
> >>>b) I would like the signed jar to bear the same
> >>>modification date as the
> >>>original. I can't see any means of obtaining a
> >>>file's modification date
> >>>in order to touch the new file with it.
>
>
> --
>
>
> Regards/Gru�,
>
> Tarlika Elisabeth Schmitz
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@ant.apache.org
> For additional commands, e-mail:
> user-help@ant.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by T E Schmitz <ma...@numerixtechnology.de>.
Hello Ivan,
Thank you for your help.
Ivan Ivanov wrote:
> I should correct myself a little. There is no neede to
> parse last after you retrieve it as long, because
> <touch> task has millis attribute.
> You can use it like this
> <touch file="myfile" millis="${buildfile.last}"/>
Touch and the script below worked a treat!
Maybe we should also mention for people searching the archive that the
following libraries need to be in Ant's classpath:
Jakarta BSF 2.3.0
Rhino 1.5R3
----------------------
I'm still looking to find out if you can determine whether a jar file is
already signed or not.
I had a look at the commandline tool jarsigner. But that comes back with
"jarsigner: java.lang.IllegalStateException: zip file closed" when there
is no signature.
> --- Ivan Ivanov <ra...@yahoo.com> wrote:
>
>>to get the file modified date you can use something
>>like this:
>>
>><project>
>>
>> <scriptdef name="getlm" language="javascript">
>> ....
>> </scriptdef>
>>
>></project>
>>
>>I borrowed the above script from a previous thread
>>in
>>ant's mailing list called Ant Get FileSize using
>>exec?. You can see it for the original source.
I had seen the original script but somehow I didn't put 1+1 together.
Never used the option al tasks before ;-)
>>--- T E Schmitz <ma...@numerixtechnology.de>
>>wrote:
>>
>>
>>>a) Is there a means of determining which jars are
>>>signed with the
>>>purpose of building an exclude list?
>>>
>>>b) I would like the signed jar to bear the same
>>>modification date as the
>>>original. I can't see any means of obtaining a
>>>file's modification date
>>>in order to touch the new file with it.
--
Regards/Gruß,
Tarlika Elisabeth Schmitz
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Ivan Ivanov <ra...@yahoo.com>.
I should correct myself a little. There is no neede to
parse last after you retrieve it as long, because
<touch> task has millis attribute.
You can use it like this
<touch file="myfile" millis="${buildfile.last}"/>
--- Ivan Ivanov <ra...@yahoo.com> wrote:
> Hi,
> to get the file modified date you can use something
> like this:
>
> <project>
>
> <scriptdef name="getlm" language="javascript">
> <attribute name="file"/>
> <attribute name="property"/>
> <![CDATA[
> fileName = attributes.get("file");
> propName = attributes.get("property");
>
> file = new java.io.File(fileName);
> last = file.lastModified();
>
> project.setNewProperty(propName, last);
> ]]>
> </scriptdef>
>
> <getlm file="files.xml"
> property="buildfile.last"/>
> <echo>buildfile is last modified at
> ${buildfile.last}</echo>
>
> </project>
>
> The above build script defines getlm script def
> which
> retrives the modification date via javascript ans
> sets
> a new property with the size. Mind that
> file.lastModified() returns long number so you
> should
> parse it to a Date to suit your needs.
>
> I borrowed the above script from a previous thread
> in
> ant's mailing list called Ant Get FileSize using
> exec?. You can see it for the original source.
>
> HTH Ivan
> --- T E Schmitz <ma...@numerixtechnology.de>
> wrote:
>
> > Hello,
> >
> > I am using the signjar task to sign a set of jar
> > files for a WebStart
> > application. Some of the jars have already been
> > signed by Sun (e.g.
> > mail.jar) and as a jar mustn't have more than one
> > signature I need to
> > exclude those files from being signed.
> >
> > I misunderstood and tried the "lazy" attribute but
> > it only prevents
> > re-signing with the same signature.
> >
> > a) Is there a means of determining which jars are
> > signed with the
> > purpose of building an exclude list?
> >
> > b) I would like the signed jar to bear the same
> > modification date as the
> > original. I can't see any means of obtaining a
> > file's modification date
> > in order to touch the new file with it.
> >
> > Thanks in advance for any ideas.
> >
> > --
> >
> >
> > Regards/Gru�,
> >
> > Tarlika Elisabeth Schmitz
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > user-unsubscribe@ant.apache.org
> > For additional commands, e-mail:
> > user-help@ant.apache.org
> >
> >
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Check out the new Yahoo! Front Page.
> www.yahoo.com
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@ant.apache.org
> For additional commands, e-mail:
> user-help@ant.apache.org
>
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org
Re: [signjar] prevent double signing
Posted by Ivan Ivanov <ra...@yahoo.com>.
Hi,
to get the file modified date you can use something
like this:
<project>
<scriptdef name="getlm" language="javascript">
<attribute name="file"/>
<attribute name="property"/>
<![CDATA[
fileName = attributes.get("file");
propName = attributes.get("property");
file = new java.io.File(fileName);
last = file.lastModified();
project.setNewProperty(propName, last);
]]>
</scriptdef>
<getlm file="files.xml"
property="buildfile.last"/>
<echo>buildfile is last modified at
${buildfile.last}</echo>
</project>
The above build script defines getlm script def which
retrives the modification date via javascript ans sets
a new property with the size. Mind that
file.lastModified() returns long number so you should
parse it to a Date to suit your needs.
I borrowed the above script from a previous thread in
ant's mailing list called Ant Get FileSize using
exec?. You can see it for the original source.
HTH Ivan
--- T E Schmitz <ma...@numerixtechnology.de> wrote:
> Hello,
>
> I am using the signjar task to sign a set of jar
> files for a WebStart
> application. Some of the jars have already been
> signed by Sun (e.g.
> mail.jar) and as a jar mustn't have more than one
> signature I need to
> exclude those files from being signed.
>
> I misunderstood and tried the "lazy" attribute but
> it only prevents
> re-signing with the same signature.
>
> a) Is there a means of determining which jars are
> signed with the
> purpose of building an exclude list?
>
> b) I would like the signed jar to bear the same
> modification date as the
> original. I can't see any means of obtaining a
> file's modification date
> in order to touch the new file with it.
>
> Thanks in advance for any ideas.
>
> --
>
>
> Regards/Gru�,
>
> Tarlika Elisabeth Schmitz
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> user-unsubscribe@ant.apache.org
> For additional commands, e-mail:
> user-help@ant.apache.org
>
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org