ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From T E Schmitz <>
Subject Re: [signjar] prevent double signing
Date Thu, 04 Nov 2004 17:23:19 GMT
Hello Stefan/Ivan,

Stefan Bodewig wrote:

> On Thu, 4 Nov 2004, Ivan Ivanov <> wrote:
>>Actually, there *is* a method called isSigned(File) that checks
>>whether a jar is signed, so what you want *is* possible.
> A signed jar contains the signature in a file named ALIAS.SF (ALIAS is
> a placeholder here) inside of the META-INF directory.  All the code in
> signjar does is checking for this file.
> It doesn not check whether the file contains anything useful or the
> signature is valid.

Now we're talking ... ;-)

But before I ask how I could obtain this information, let's go one step 
back: I originally assumed that the "lazy" attribute would exactly that 
for me: just sign the jar if it is unsigned and skipped the signed ones. 
But I've tried it with filesets and named files, it doesn't matter what 
- the jar *always* gets signed.

Am I misunderstanding the lazy attribute or what might be wrong with the 
following? (mail.jar is signed by Sun):

<signjar keystore="${java.keystore}" storepass="${keystore.passwd}" 
alias="${key.alias}" verbose="true" lazy="true" 



Tarlika Elisabeth Schmitz

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message