[ http://jira.codehaus.org/browse/MOJO-263?page=comments#action_65282 ]
Geoffrey De Smet commented on MOJO-263: --------------------------------------- A copy from my mail to user list: I know this very easy way works though: - Sign them (even if they are signed - the jar plugin currently doesn't allow this) - Remove the *.SF/*.RSA file if it's not yours. The other way around probably works too. So only thing the webstart plugin should do is: - If it's already signed by someone else (I would hack this for now to "if it's already signed in the repo" as you don't want to resign already signed files by yourself in target/jnlp) then first remove *.SF/*.RSA (and *.sf/*.rsa) from the Zip file before signing it. Sounds easy enough right? And in webstart the ANT tasks are already included and it includes a zip and unzip task. But there isn't an Unzip class (there is a zip class) Using Sun's ZipStream's is more boilerplate I presume. > [webstart] deal with unsigned jars > ---------------------------------- > > Key: MOJO-263 > URL: http://jira.codehaus.org/browse/MOJO-263 > Project: Mojo > Type: New Feature > Components: webstart > Reporter: Jerome Lacoste > Assignee: Jerome Lacoste > > > There are potential issues when dealing with including such already signed > jars in a webstart application. > In particular see: > http://jira.codehaus.org/browse/MOJO-7#action_49160 > and the relevant m1 jnlp issues: > http://jira.codehaus.org/browse/MPJNLP-20 > http://jira.codehaus.org/browse/MPJNLP-28 > According to the feedback I got on the maven user list, I think that, in > order to satisfy everybody, we need to: > - handle already signed jars (MPJNLP-28) > - primarily we need the possibility to unsign a jar. That will probably go > to jar:unsign. > - optionally avoid signing jars that are already signed. > - optionally clean the Manifest (maven1 jnlp feature, to work around SDK 1.3 > issue - See MPJNLP-20) > Did I miss something? > Now how do we present that to the user? > We could: > - assume that every jar will be signed by default > - let the user list the operation to perform, maybe using something like: > <sign> > <dname>...</dname> > ... > <unsign> > <dependency>...</dependency> > </unsign> > <skipSignedJars>true<skipSignedJars> > <cleanManifest>true</cleanManifest> > </sign> > Does that look correct? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
