[
http://jira.codehaus.org/browse/MNBMODULE-50?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=172600#action_172600
]
Pavel Jisl edited comment on MNBMODULE-50 at 4/10/09 2:08 AM:
--------------------------------------------------------------
Yesterday we received information, that our issue in Apache Ant
(https://issues.apache.org/bugzilla/show_bug.cgi?id=46891) for signing of
already signed jars was resolved with status fixed. It will be available in
Apache Ant version 1.8.0. But there is not release plan yet and this version
will be available in few moths.
If new version of Ant will be available, solving of this issue will be easy in
both netbean's MakeJNLP and this plugin.
was (Author: jisl):
Yesterday we received information, that out issue in Apache Ant
(https://issues.apache.org/bugzilla/show_bug.cgi?id=46891) for signing of
already signed jars was resolved with status fixed. It will be available in
Apache Ant version 1.8.0. But there is not release plan yet and this version
will be available in few moths.
If new version of Ant will be available, solving of this issue will be easy in
both netbean's MakeJNLP and this plugin.
> Signing of already signed jars for Java Webstart application
> ------------------------------------------------------------
>
> Key: MNBMODULE-50
> URL: http://jira.codehaus.org/browse/MNBMODULE-50
> Project: Maven 2.x Netbeans Module Plugin
> Issue Type: Improvement
> Environment: All
> Reporter: Pavel Jisl
> Assignee: Milos Kleint
>
> For releasing webstart applications is crucial to have all jars included
> signed with one certificate of the releasing company. If these jars are not
> signed with one unified certificate, Java Webstart system asks for each
> unsigned (or jar with another signature) if user agrees and grants access to
> the system.
> For this case, we need to sign all jars, included in package, with one
> certificate. As we looked into source code of this plugin, one part of
> signing is in org.netbeans.nbbuild.MakeJNLP#signOrCopy(from, to), another in
> CreateWebstartAppMojo (for jnlp-launcher.jar and branding jars). As all these
> uses the ant SignJar task, we submit issue with patch, allowing us to force
> signing of jars (see
> https://issues.apache.org/bugzilla/show_bug.cgi?id=46891). But we are not
> sure, if this will be accepted, because solving of issues in ant is really
> slow.
> Another solution is usage of Maven Jar Plugin. But this plugin denied to sign
> already signed jar. In this case, we must submit patch, allowing us to force
> signing of already signed jars. But there is problem with the MakeJNLP task.
> Using this solution, we must disable signing of jars in MakeJNLP and sign
> jars programmatically using JarSignMojo from Maven Jar Plugin.
> We can see, that the first solution with modification of SignJar task is more
> complex as it solves problems with signing in both MakeJNLP task and
> CreateWebstartAppMojo, but we can expected long delay before the patch will
> be accepted (or worst - rejected). Another solution is not so conceptual, but
> maybe more clear.
> As last instance, we can also contribute modified JarSignMojo class from
> Maven Jar Plugin , that was used in our corporate modified Maven NBM plugin
> 2.7 for creating webstart application. This must be also used programatically
> as the previous solution directly using Maven Jar Plugin.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
