SignJar Task

From 753a6c60f47f3ac4f270005b65e9d6481de8eb68 Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Fri, 23 Oct 2015 10:00:02 -0700 Subject: Adding maven and ant source trees Change-Id: I0a39b9add833a31b9c3f98d193983ae2f3a5a445 Signed-off-by: Ashlee Young --- .../ant/apache-ant-1.9.6/manual/Tasks/signjar.html | 299 +++++++++++++++++++++ 1 file changed, 299 insertions(+) create mode 100644 framework/src/ant/apache-ant-1.9.6/manual/Tasks/signjar.html (limited to 'framework/src/ant/apache-ant-1.9.6/manual/Tasks/signjar.html') diff --git a/framework/src/ant/apache-ant-1.9.6/manual/Tasks/signjar.html b/framework/src/ant/apache-ant-1.9.6/manual/Tasks/signjar.html new file mode 100644 index 00000000..0f9d7784 --- /dev/null +++ b/framework/src/ant/apache-ant-1.9.6/manual/Tasks/signjar.html @@ -0,0 +1,299 @@ + + + + + + +SignJar Task + + + + +

SignJar

Description

Signing a jar allows users to authenticate the publisher.

Signs JAR files with the jarsigner command line tool. +It will take a named file in the jar attribute, and an optional +destDir or signedJar attribute. Nested paths are also +supported; here only an (optional) destDir is allowed. If a destination +directory or explicit JAR file name is not provided, JARs are signed in place. +

+Dependency rules +

Nonexistent destination JARs are created/signed
Out of date destination JARs are created/signed
If a destination file and a source file are the same, +and lazy is true, the JAR is only signed if it does not +contain a signature by this alias.
If a destination file and a source file are the same, +and lazy is false, the JAR is signed.

+ +

Parameters

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Attribute	Description	Required
jar	the jar file to sign	Yes, unless nested paths have + been used.
alias	the alias to sign under	Yes.
storepass	password for keystore integrity.	Yes.
keystore	keystore location	No
storetype	keystore type	No
keypass	password for private key (if different)	No
sigfile	name of .SF/.DSA file	No
signedjar	name of signed JAR file. This can only be set when + the `jar` attribute is set.	No.
verbose	(true \| false) verbose output when signing	No; default false
strict	(true \| false) strict checking when signing. since Ant 1.9.1.	No; default false
internalsf	(true \| false) include the .SF file inside the signature +block	No; default false
sectionsonly	(true \| false) don't compute hash of entire manifest	No; default false
lazy	flag to control whether the presence of a signature + file means a JAR is signed. This is only used when the target JAR matches + the source JAR	No; default false
maxmemory	Specifies the maximum memory the jarsigner VM will use. Specified in the + style of standard java memory specs (e.g. 128m = 128 MBytes)	No
preservelastmodified	Give the signed files the same last modified + time as the original jar files.	No; default false.
tsaurl	URL for a timestamp authority for timestamped + JAR files in Java1.5+	No
tsacert	alias in the keystore for a timestamp authority for + timestamped JAR files in Java1.5+	No
tsaproxyhost	proxy host to be used when connecting to TSA server	No
tsaproxyport	proxy port to be used when connecting to TSA server	No
executable	Specify a particular `jarsigner` executable + to use in place of the default binary (found in the same JDK as + Apache Ant is running in). + Must support the same command line options as the Sun JDK + jarsigner command. + since Ant 1.8.0.	No
force	Whether to force signing of the jar file even if + it doesn't seem to be out of date or already signed. + since Ant 1.8.0.	No; default false
sigalg	name of signature algorithm	No
digestalg	name of digest algorithm	No

Parameters as nested elements

+ + + + + + + + + + + + + + + + + + + + + + + + + + +

Attribute	Description	Required
path	path of JAR files to sign. since Ant 1.7	No
fileset	fileset of JAR files to sign.	No
mapper	A mapper to rename jar files during signing	No, and only one can be supplied
sysproperty	JVM system properties, with the syntax of Ant + environment variables	No, and only one can be supplied

+ + +

Examples

For instructions on generating a code signing certificate, see the keytool documentation and/or instructions from your certificate authority.

+<signjar jar="${dist}/lib/ant.jar"
+alias="apache-group" storepass="secret"/>
+

+ signs the ant.jar with alias "apache-group" accessing the + keystore and private key via "secret" password. +

+<signjar destDir="signed"
+    alias="testonly" keystore="testkeystore"
+    storepass="apacheant"
+    preservelastmodified="true">
+  <path>
+    <fileset dir="dist" includes="**/*.jar" />
+  </path>
+  <flattenmapper />
+</signjar>
+

+Sign all JAR files matching the dist/**/*.jar pattern, copying them to the +directory "signed" afterwards. The flatten mapper means that they will +all be copied to this directory, not to subdirectories. + +

+<signjar
+    alias="testonly" keystore="testkeystore"
+    storepass="apacheant"
+    lazy="true"
+    >
+  <path>
+    <fileset dir="dist" includes="**/*.jar" />
+  </path>
+</signjar>
+

+Sign all the JAR files in dist/**/*.jar in-situ. Lazy signing is used, +so the files will only be signed if they are not already signed. +

+<signjar
+    alias="testonly" keystore="testkeystore"
+    storepass="apacheant"
+    sigalg="MD5withRSA"
+    digestalg="SHA1">
+  <path>
+    <fileset dir="dist" includes="**/*.jar" />
+  </path>
+</signjar>
+

+Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the +signature algorithm MD5withRSA. This is especially useful when you want to use +the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create +signed jars that will be deployed on platforms not supporting SHA256 and +SHA256withRSA. +

About timestamp signing

+ +

Timestamps record the date and time that a signature took place, allowing the signature to be verified as of that point in time. +With trusted timestamping, users can verify that signing occurred before a certificate's expiration or revocation. Without this timestamp, users can only verify the signature as of their current date.

+ +

+Timestamped JAR files were introduced in Java1.5 and supported in Ant since +Ant 1.7. Since Ant 1.9.5, Ant can use unauthenticated proxies for this signing process. +

+ +

Common public timestamp authorities include +

http://timestamp.verisign.com
http://tsa.starfieldtech.com
https://timestamp.geotrust.com/tsa
Others (see your certificate authority)

+ + + + -- cgit 1.2.3-korg