I 've trying to unsign the jars all day now, and I am giving up...
I know this very easy way works though:
- Sign them (even if they are signed)
- Remove the *.SF/*.RSA file if it's not yours.
The other way around probably works too.
So only thing the webstart plugin should do is:
- If it's already signed by someone else (I would hack this for now to
"if it's already signed in the repo" as you don't want to resign already
signed files by yourself in target/jnlp)
then first remove *.SF/*.RSA (and *.sf/*.rsa) from the Zip file before
signing it.
Sounds easy enough right? And in webstart the ANT tasks are already
included and it includes a zip and unzip task. But there isn't an Unzip
class (there is a zip class) Using Sun's ZipStream's is more boilerplate
I presume.
jerome lacoste wrote:
On 5/11/06, Geoffrey De Smet <[EMAIL PROTECTED]> wrote:
Jerome,
Thanks for you help already.
I am looking into already signed jars issue:
http://jira.codehaus.org/browse/MPJNLP-28
this is maven 1.x plugin
(The webstart website wrongly refs
http://jira.codehaus.org/browse/MOJO-263
instead)
that's the right issue wrt m2 plugin.
But it seems that the problem lies with the maven jar plugin,
not jnlp itself. Could it be there is any progress in that in the newer
jar snapshots?
The idea will be to:
- write a jar:unsign mojo. We can first have this plugin in webstart
and move it to jar plugin when it is stabilized. I want that for 1.0.
- reuse the unsign functionality from the webstart plugin the same way
we use sign.
I think there's already some code for jar:unsign around. If you don't
find it in Jira, ping me.
I haven't worked at all with the issue lately apart from summarising
the needs in the MOJO-263 description. Feel free to work on it.
Jerome
--
With kind regards,
Geoffrey De Smet
