> Hi Jim/Sebastien, > > The latest Java updates will show warnings for all applets that are self > signed, therefore only jars signed with a certificate are now accepted. The > user will still need to accept the new certificate, but you can click the > option to always accept the certificate so you don't see the warning again. > > On top of that, javascript is treated as unsafe code.
Could the signed/unsigned warning come from non-class files in our jar? .build_properties images/idwidth.gif images/link.gif > You should add the following lines to the manifest of every jar file, before > signing with the certificate. > > Codebase: *.my.domain.com > Caller-Allowable-Codebase: *.my.domain.com > Permissions: all-permissions Will try to follow that. > Codebase accepts wildcards, so for Jalview it might be acceptable to just > have * so that anyone can serve it from any domain. The caller-allowable > codebase allows javascript from pages served from that domain to call the > applet. > > Hope this helps, > > Andrew Will wait for the certificate. Thanks Jim & Andrew > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Jim Procter > Sent: 15 November 2013 16:59 > To: [email protected] > Subject: Re: [Jalview-discuss] Jalview applet signed > > 'lo there Sébastien. > On 15/11/2013 15:01, Moretti Sébastien wrote: >> I have found that you will sign the jalviewLite applet in version >> 2.8.1 >> http://issues.jalview.org/browse/JAL-1400 >> When do you plan to release it? > I'm currently waiting on a request for a certificate from CERTUM - who > provide free certificates for OSS software (I hope!). I'll then release a > signed version of 2.8b1 - which will be the last in the 2.8.0 series as soon > as I receive it. > > The recent Java updates, and more complex Apple code signing requirements > have kept me busy - Jalview now has an official Apple ID, and I'm trying to > integrate the codesign step into our release process for the Jalview > installer. > >> Also I have tried to sign the jalview version we modified for MyHits >> (version 2.4+) by signing it with our own certificate. >> No problem to sign it but when I want to run it it displays a warning >> message, only after clicking on the launch button, saying that I try >> to run a mix of signed and unsigned classes. >> Do you know what could cause this? > this is due to a couple of issues - > the original jalview build script didn't create an index file - and so when > the jarsigner operated on it, it didn't actually sign the index file, but > created one after it was done. I've fixed the builder so JalviewLite will run > without that warning. You can try it out in the 'latest build of the current > release branch'. > > There are a couple of other wrinkles, however: > > * If you link JmolApplet with Jalview, that needs to be fully signed in the > same way (with the index created before hand) (again, this is fixed in the > build system now) > * If you use the 'Mayscript' attribute, in order to use the applet Javascript > api, you need to set the codebase property in the applet manifest, otherwise > a warning will be raised. (still working on this..) > > I'll most likely post an article on the website about all this, since getting > all this right is pretty tricky - particularly for someone new to Java > development. I'll also be updating the source building instructions to allow > for specifying deployment URLs, etc. > > Jim -- Sébastien Moretti SIB Vital-IT EMBnet, Quartier Sorge - Genopode CH-1015 Lausanne, Switzerland Tel.: +41 (21) 692 4079/4221 http://www.vital-it.ch/ http://myhits.vital-it.ch/ _______________________________________________ Jalview-discuss mailing list [email protected] http://www.compbio.dundee.ac.uk/mailman/listinfo/jalview-discuss
