Author: bodewig
Date: Wed Sep 11 04:17:31 2013
New Revision: 1521727
URL: http://svn.apache.org/r1521727
Log:
hint at Permissions manifest attribute and signing requirements for applets in
upcoming 7u51 - PR 55542 - Submitted by Erik Costlow
Modified:
ant/core/trunk/CONTRIBUTORS
ant/core/trunk/contributors.xml
ant/core/trunk/manual/Tasks/jar.html
ant/core/trunk/manual/Tasks/signjar.html
Modified: ant/core/trunk/CONTRIBUTORS
URL:
http://svn.apache.org/viewvc/ant/core/trunk/CONTRIBUTORS?rev=1521727&r1=1521726&r2=1521727&view=diff
==============================================================================
--- ant/core/trunk/CONTRIBUTORS (original)
+++ ant/core/trunk/CONTRIBUTORS Wed Sep 11 04:17:31 2013
@@ -112,6 +112,7 @@ Emmanuel Bourg
Eric Barboni
Eric Olsen
Eric Pugh
+Erik Costlow
Erik Hatcher
Erik Langenbach
Erik Meade
Modified: ant/core/trunk/contributors.xml
URL:
http://svn.apache.org/viewvc/ant/core/trunk/contributors.xml?rev=1521727&r1=1521726&r2=1521727&view=diff
==============================================================================
--- ant/core/trunk/contributors.xml (original)
+++ ant/core/trunk/contributors.xml Wed Sep 11 04:17:31 2013
@@ -473,6 +473,10 @@
</name>
<name>
<first>Erik</first>
+ <last>Costlow</last>
+ </name>
+ <name>
+ <first>Erik</first>
<last>Hatcher</last>
</name>
<name>
Modified: ant/core/trunk/manual/Tasks/jar.html
URL:
http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/jar.html?rev=1521727&r1=1521726&r2=1521727&view=diff
==============================================================================
--- ant/core/trunk/manual/Tasks/jar.html (original)
+++ ant/core/trunk/manual/Tasks/jar.html Wed Sep 11 04:17:31 2013
@@ -48,7 +48,6 @@ multiple ones to merge together differen
The extended fileset and groupfileset child elements from the zip task are
also available in the jar task.
See the <a href="zip.html">Zip</a> task for more details and examples.</p>
-<p>If the manifest is omitted, a simple one will be supplied by Apache Ant.</p>
<p>The <code>update</code> parameter controls what happens if the JAR
file already exists. When set to <code>yes</code>, the JAR file is
@@ -59,6 +58,8 @@ note that ZIP files store file modificat
of two seconds. If a file is less than two seconds newer than the
entry in the archive, Ant will not consider it newer.</p>
+<p>If the manifest is omitted, a simple one will be supplied by Apache Ant.</p>
+
<p>The <code>whenmanifestonly</code> parameter controls what happens when no
files, apart from the manifest file, or nested services, match.
If <code>skip</code>, the JAR is not created and a warning is issued.
@@ -73,12 +74,12 @@ attribute of a zipfileset in a Zip task.
include an empty one for you.)</p>
<p>Manifests are processed by the Jar task according to the
-<a target="_blank"
href="http://download.oracle.com/javase/1.5.0/docs/guide/jar/jar.html";>Jar file
specification.</a>
+<a target="_blank"
href="http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html";>Jar
file specification.</a>
Note in particular that this may result in manifest lines greater than 72 bytes
being wrapped and continued on the next line.</p>
<p>The Jar task checks whether you specified package information according to
the
-<a target="_blank"
href="http://download.oracle.com/javase/1.3/docs/guide/versioning/spec/VersioningSpecification.html#PackageVersioning";>
+<a target="_blank"
href="http://docs.oracle.com/javase/7/docs/technotes/guides/versioning/spec/versioning2.html#wp90779";>
versioning specification</a>.</p>
<p><b>Please note that the zip format allows multiple files of the same
@@ -87,6 +88,8 @@ documented as causing various problems f
to avoid this behavior you must set the <code>duplicate</code> attribute
to a value other than its default, <code>"add"</code>.</b></p>
+<p>To cryptographically sign your JAR file, use the <a
href="signjar.html">SignJar task</a> on the JAR that you create from this
task.</p>
+
<h3>Parameters</h3>
<table border="1" cellpadding="2" cellspacing="0">
<tr>
@@ -196,7 +199,7 @@ to a value other than its default, <code
<tr>
<td valign="top">index</td>
<td valign="top">whether to create an <A
-
HREF="http://download.oracle.com/javase/1.5.0/docs/guide/jar/jar.html#JAR%20Index";>index
+
HREF="http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#JAR_Index";>index
list</A> to speed up classloading. This is a JDK 1.3+ specific
feature. Unless you specify additional jars with nested <a
href="#indexjars"><code>indexjars</code></a> elements, only the
@@ -211,7 +214,7 @@ to a value other than its default, <code
false.<br/>
Sun's jar implementation used to skip the META-INF directory and
Ant followed that example. The behavior has been changed with
- <a href="http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4408526";>Java
+ <a href="https://bugs.openjdk.java.net/browse/JDK-4408526";>Java
5</a>. In order to avoid problems with Ant generated jars on
Java 1.4 or earlier Ant will not include META-INF unless
explicitly asked to.<br/>
@@ -391,8 +394,8 @@ depend on your manifest:</p>
<p>
The nested <code>service</code> element specifies a service.
- Services are described by
- <a
href="http://download.oracle.com/javase/1.5.0/docs/guide/jar/jar.html#Service%20Provider";>http://download.oracle.com/javase/1.5.0/docs/guide/jar/jar.html#Service%20Provider</a>.
+ Services are described in the
+ <a
href="http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Service_Provider";>service
provider overview</a>.
The approach is to have providers JARs include files named by the service
provided, for example,
META-INF/services/javax.script.ScriptEngineFactory
@@ -516,6 +519,10 @@ by Java).</p>
<blockquote><pre> <jar destfile="test.jar"
basedir=".">
<include name="build"/>
<manifest>
+ <!-- If this is an Applet or Web Start application, include
+ the proper attributes from <a
href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/index.html";>http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/index.html</a>
-->
+ <attribute name="Permissions" value="sandbox"/>
+ <attribute name="Codebase"
value="example.com"/>
<!-- Who is building this jar? -->
<attribute name="Built-By"
value="${user.name}"/>
<!-- Information about the program itself -->
@@ -535,11 +542,13 @@ property ${user.name}. The manifest prod
</p>
<blockquote><pre><code>Manifest-Version: 1.0
+Permissions: sandbox
+Codebase: example.com
Built-By: conor
Implementation-Vendor: ACME inc.
Implementation-Title: GreatProduct
Implementation-Version: 1.0.0beta2
-Created-By: Apache Ant 1.7.0
+Created-By: Apache Ant 1.9.2
Name: common/MyClass.class
Sealed: false</code></pre></blockquote>
Modified: ant/core/trunk/manual/Tasks/signjar.html
URL:
http://svn.apache.org/viewvc/ant/core/trunk/manual/Tasks/signjar.html?rev=1521727&r1=1521726&r2=1521727&view=diff
==============================================================================
--- ant/core/trunk/manual/Tasks/signjar.html (original)
+++ ant/core/trunk/manual/Tasks/signjar.html Wed Sep 11 04:17:31 2013
@@ -26,7 +26,8 @@
<h2><a name="signjar">SignJar</a></h2>
<h3>Description</h3>
-<p>Signs JAR files with the <tt>jarsigner</tt> command line tool.
+<p>Signing a jar allows users to authenticate the publisher.</p>
+<p>Signs JAR files with the <a target="_blank"
href="http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html";><tt>jarsigner</tt>
command line tool</a>.
It will take a named file in the <tt>jar</tt> attribute, and an optional
<tt>destDir</tt> or <tt>signedJar</tt> attribute. Nested paths are also
supported; here only an (optional) <tt>destDir</tt> is allowed. If a
destination
@@ -206,6 +207,7 @@ block</td>
<h3>Examples</h3>
+<p>For instructions on generating a code signing certificate, see the <a
target="_blank"
href="http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html";>keytool
documentation</a> and/or instructions from your certificate authority.</p>
<blockquote><pre>
<signjar jar="${dist}/lib/ant.jar"
alias="apache-group" storepass="secret"/>
@@ -266,12 +268,21 @@ SHA256withRSA.
</p>
<h3>About timestamp signing</h3>
+<p>Timestamps record the date and time that a signature took place, allowing
the signature to be verified as of that point in time.
+With trusted timestamping, users can verify that signing occurred before a
certificate's expiration or revocation. Without this timestamp, users can only
verify the signature as of their current date.</p>
+
<p>
-Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant
since
+Timestamped JAR files were introduced in Java1.5 and supported in Ant since
Ant 1.7. Ant does not yet support proxy setup for this signing process.
</p>
-
+<p>Common public timestamp authorities include
+ <ul>
+ <li>http://timestamp.verisign.com</li>
+ <li>http://tsa.starfieldtech.com</li>
+ <li>https://timestamp.geotrust.com/tsa</li>
+ <li>Others (see your certificate authority)</li>
+ </ul></p>
</body>
</html>
