Author: antoine
Date: Sun Apr 28 00:53:08 2013
New Revision: 1476700
URL: http://svn.apache.org/r1476700
Log:
adding strict attribute to signjar task, PR 54889
Added:
ant/core/trunk/manual/Tasks/verifyjar.html
- copied, changed from r1476697, ant/core/trunk/manual/Tasks/signjar.html
Modified:
ant/core/trunk/WHATSNEW
ant/core/trunk/manual/Tasks/signjar.html
ant/core/trunk/manual/tasklist.html
ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java
Modified: ant/core/trunk/WHATSNEW
URL:
http://svn.apache.org/viewvc/ant/core/trunk/WHATSNEW?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/WHATSNEW (original)
+++ ant/core/trunk/WHATSNEW Sun Apr 28 00:53:08 2013
@@ -24,6 +24,9 @@ Fixed bugs:
Other changes:
--------------
+ * strict attribute added to <signjar>.
+ Bugzilla Report 54889.
+
Changes from Ant 1.8.4 TO Ant 1.9.0
===================================
@@ -127,7 +130,8 @@ Other changes:
archives using Zip64 extensions (files and archives bigger that 4GB
and with more that 64k entries).
- * a new task <commandlaucher> can be used to configure the
+ * a new task <commandlaun
+ cher> can be used to configure the
CommandLauncher used by Ant when forking external programs or new
Java VMs.
Bugzilla Report 52706.
Modified: ant/core/trunk/manual/Tasks/signjar.html
URL:
http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/signjar.html?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/manual/Tasks/signjar.html (original)
+++ ant/core/trunk/manual/Tasks/signjar.html Sun Apr 28 00:53:08 2013
@@ -100,6 +100,11 @@ and <tt>lazy</tt> is false, the JAR is s
<td valign="top" align="center">No; default false</td>
</tr>
<tr>
+ <td valign="top">strict</td>
+ <td valign="top">(true | false) strict checking when
signing.<br/><em>since Ant 1.9.1</em>.</td>
+ <td valign="top" align="center">No; default false</td>
+ </tr>
+ <tr>
<td valign="top">internalsf</td>
<td valign="top">(true | false) include the .SF file inside the signature
block</td>
Copied: ant/core/trunk/manual/Tasks/verifyjar.html (from r1476697,
ant/core/trunk/manual/Tasks/signjar.html)
URL:
http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/verifyjar.html?p2=ant/core/trunk/manual/Tasks/verifyjar.html&p1=ant/core/trunk/manual/Tasks/signjar.html&r1=1476697&r2=1476700&rev=1476700&view=diff
==============================================================================
--- ant/core/trunk/manual/Tasks/signjar.html (original)
+++ ant/core/trunk/manual/Tasks/verifyjar.html Sun Apr 28 00:53:08 2013
@@ -19,31 +19,18 @@
<head>
<meta http-equiv="Content-Language" content="en-us">
<link rel="stylesheet" type="text/css" href="../stylesheets/style.css">
-<title>SignJar Task</title>
+<title>VerifyJar Task</title>
</head>
<body>
-<h2><a name="signjar">SignJar</a></h2>
+<h2><a name="verifyjar">VerifyJar</a></h2>
<h3>Description</h3>
-<p>Signs JAR files with the <tt>jarsigner</tt> command line tool.
-It will take a named file in the <tt>jar</tt> attribute, and an optional
-<tt>destDir</tt> or <tt>signedJar</tt> attribute. Nested paths are also
-supported; here only an (optional) <tt>destDir</tt> is allowed. If a
destination
-directory or explicit JAR file name is not provided, JARs are signed in place.
+<p>Verifies JAR files with the <tt>jarsigner</tt> command line tool.
+It will take a named file in the <tt>jar</tt> attribute. Nested paths are also
+supported
</p>
-<p>
-Dependency rules
-</p>
-<ul>
-<li>Nonexistent destination JARs are created/signed</li>
-<li>Out of date destination JARs are created/signed</li>
-<li>If a destination file and a source file are the same,
-and <tt>lazy</tt> is true, the JAR is only signed if it does not
-contain a signature by this alias.</li>
-<li>If a destination file and a source file are the same,
-and <tt>lazy</tt> is false, the JAR is signed.</li>
-</ul>
+
<h3>Parameters</h3>
<table border="1" cellpadding="2" cellspacing="0">
@@ -54,13 +41,13 @@ and <tt>lazy</tt> is false, the JAR is s
</tr>
<tr>
<td valign="top">jar</td>
- <td valign="top">the jar file to sign</td>
+ <td valign="top">the jar file to verify</td>
<td valign="top" align="center">Yes, unless nested paths have
been used.</td>
</tr>
<tr>
<td valign="top">alias</td>
- <td valign="top">the alias to sign under</td>
+ <td valign="top">the alias to verify under</td>
<td valign="top" align="center">Yes.</td>
</tr>
<tr>
@@ -84,37 +71,18 @@ and <tt>lazy</tt> is false, the JAR is s
<td valign="top" align="center">No</td>
</tr>
<tr>
- <td valign="top">sigfile</td>
- <td valign="top">name of .SF/.DSA file</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">signedjar</td>
- <td valign="top">name of signed JAR file. This can only be set when
- the <tt>jar</tt> attribute is set.</td>
- <td valign="top" align="center">No.</td>
- </tr>
- <tr>
- <td valign="top">verbose</td>
- <td valign="top">(true | false) verbose output when signing</td>
- <td valign="top" align="center">No; default false</td>
- </tr>
- <tr>
- <td valign="top">internalsf</td>
- <td valign="top">(true | false) include the .SF file inside the signature
-block</td>
+ <td valign="top">certificates</td>
+ <td valign="top">(true | false) display information about certificates</td>
<td valign="top" align="center">No; default false</td>
</tr>
<tr>
- <td valign="top">sectionsonly</td>
- <td valign="top">(true | false) don't compute hash of entire manifest</td>
+ <td valign="top">verbose</td>
+ <td valign="top">(true | false) verbose output when verifying</td>
<td valign="top" align="center">No; default false</td>
</tr>
<tr>
- <td valign="top">lazy</td>
- <td valign="top">flag to control whether the presence of a signature
- file means a JAR is signed. This is only used when the target JAR matches
- the source JAR</td>
+ <td valign="top">strict</td>
+ <td valign="top">(true | false) strict checking when
verifying.<br/><em>since Ant 1.9.1</em>.</td>
<td valign="top" align="center">No; default false</td>
</tr>
<tr>
@@ -124,24 +92,6 @@ block</td>
<td valign="top" align="center">No</td>
</tr>
<tr>
- <td valign="top">preservelastmodified</td>
- <td valign="top">Give the signed files the same last modified
- time as the original jar files.</td>
- <td valign="top" align="center">No; default false.</td>
- </tr>
- <tr>
- <td valign="top">tsaurl</td>
- <td valign="top">URL for a timestamp authority for timestamped
- JAR files in Java1.5+</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">tsacert</td>
- <td valign="top">alias in the keystore for a timestamp authority for
- timestamped JAR files in Java1.5+</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
<td valign="top">executable</td>
<td valign="top">Specify a particular <code>jarsigner</code> executable
to use in place of the default binary (found in the same JDK as
@@ -151,23 +101,6 @@ block</td>
<em>since Ant 1.8.0</em>.</td>
<td align="center" valign="top">No</td>
</tr>
- <tr>
- <td valign="top">force</td>
- <td valign="top">Whether to force signing of the jar file even if
- it doesn't seem to be out of date or already signed.
- <em>since Ant 1.8.0</em>.</td>
- <td align="center" valign="top">No; default false</td>
- </tr>
- <tr>
- <td valign="top">sigalg</td>
- <td valign="top">name of signature algorithm</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">digestalg</td>
- <td valign="top">name of digest algorithm</td>
- <td valign="top" align="center">No</td>
- </tr>
</table>
<h3>Parameters as nested elements</h3>
<table border="1" cellpadding="2" cellspacing="0">
@@ -178,20 +111,15 @@ block</td>
</tr>
<tr>
<td valign="top">path</td>
- <td valign="top">path of JAR files to sign. <em>since Ant 1.7</em></td>
+ <td valign="top">path of JAR files to verify. <em>since Ant 1.7</em></td>
<td valign="top" align="center">No</td>
</tr>
<tr>
<td valign="top">fileset</td>
- <td valign="top">fileset of JAR files to sign. </td>
+ <td valign="top">fileset of JAR files to verify. </td>
<td valign="top" align="center">No</td>
</tr>
<tr>
- <td valign="top">mapper</td>
- <td valign="top">A mapper to rename jar files during signing</td>
- <td valign="top" align="center">No, and only one can be supplied</td>
- </tr>
- <tr>
<td valign="top">sysproperty</td>
<td valign="top">JVM system properties, with the syntax of Ant
<a href="exec.html#env">environment variables</a> </td>
@@ -202,69 +130,13 @@ block</td>
<h3>Examples</h3>
<blockquote><pre>
-<signjar jar="${dist}/lib/ant.jar"
+<verifyjar jar="${dist}/lib/ant.jar"
alias="apache-group" storepass="secret"/>
</pre></blockquote>
<p>
- signs the ant.jar with alias "apache-group" accessing the
+ verifies the ant.jar with alias "apache-group" accessing the
keystore and private key via "secret" password.
</p>
- <blockquote><pre>
-<signjar destDir="signed"
- alias="testonly" keystore="testkeystore"
- storepass="apacheant"
- preservelastmodified="true">
- <path>
- <fileset dir="dist" includes="**/*.jar" />
- </path>
- <flattenmapper />
-</signjar>
-</pre></blockquote>
-<p>
-Sign all JAR files matching the dist/**/*.jar pattern, copying them to the
-directory "signed" afterwards. The flatten mapper means that they will
-all be copied to this directory, not to subdirectories.
-
-</p>
- <blockquote><pre>
-<signjar
- alias="testonly" keystore="testkeystore"
- storepass="apacheant"
- lazy="true"
- >
- <path>
- <fileset dir="dist" includes="**/*.jar" />
- </path>
-</signjar>
-</pre></blockquote>
-<p>
-Sign all the JAR files in dist/**/*.jar <i>in-situ</i>. Lazy signing is used,
-so the files will only be signed if they are not already signed.
-</p>
- <blockquote><pre>
-<signjar
- alias="testonly" keystore="testkeystore"
- storepass="apacheant"
- sigalg="MD5withRSA"
- digestalg="SHA1">
- <path>
- <fileset dir="dist" includes="**/*.jar" />
- </path>
-</signjar>
-</pre></blockquote>
-<p>
-Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the
-signature algorithm MD5withRSA. This is especially useful when you want to use
-the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create
-signed jars that will be deployed on platforms not supporting SHA256 and
-SHA256withRSA.
-</p>
-<h3>About timestamp signing</h3>
-
-<p>
-Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant
since
-Ant 1.7. Ant does not yet support proxy setup for this signing process.
-</p>
Modified: ant/core/trunk/manual/tasklist.html
URL:
http://svn.apache.org/viewvc/ant/core/trunk/manual/tasklist.html?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
--- ant/core/trunk/manual/tasklist.html (original)
+++ ant/core/trunk/manual/tasklist.html Sun Apr 28 00:53:08 2013
@@ -180,6 +180,7 @@
<li><a href="Tasks/unzip.html">Unwar</a></li>
<li><a href="Tasks/unzip.html">Unzip</a></li>
<li><a href="Tasks/uptodate.html">Uptodate</a></li>
+<li><a href="Tasks/verifyjar.html">VerifyJar</a></li>
<li><a href="Tasks/vss.html#tasks">Microsoft Visual SourceSafe Tasks</a></li>
<li><a href="Tasks/waitfor.html">Waitfor</a></li>
<li><a href="Tasks/war.html">War</a></li>
Modified:
ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java
URL:
http://svn.apache.org/viewvc/ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java?rev=1476700&r1=1476699&r2=1476700&view=diff
==============================================================================
---
ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java
(original)
+++
ant/core/trunk/src/main/org/apache/tools/ant/taskdefs/AbstractJarSignerTask.java
Sun Apr 28 00:53:08 2013
@@ -67,6 +67,11 @@ public abstract class AbstractJarSignerT
*/
protected boolean verbose;
/**
+ * strict checking
+ * @since Ant 1.9.1
+ */
+ protected boolean strict = false;
+ /**
* The maximum amount of memory to use for Jar signer
*/
protected String maxMemory;
@@ -185,6 +190,15 @@ public abstract class AbstractJarSignerT
}
/**
+ * do strict checking
+ * @since Ant 1.9.1
+ * @param strict
+ */
+ public void setStrict(boolean strict) {
+ this.strict = strict;
+ }
+
+ /**
* Adds a set of files to sign
*
* @param set a set of files to sign
@@ -289,6 +303,10 @@ public abstract class AbstractJarSignerT
addValue(cmd, "-verbose");
}
+ if (strict) {
+ addValue(cmd, "-strict");
+ }
+
//now patch in all system properties
for (Environment.Variable variable :
sysProperties.getVariablesVector()) {
declareSysProperty(cmd, variable);
