maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jerome Lacoste (JIRA)" <j...@codehaus.org>
Subject [jira] Commented: (MJAR-67) jar:sign - Jars containing invalid remains of older signatures won't get signed
Date Sat, 25 Aug 2007 20:45:47 GMT

    [ http://jira.codehaus.org/browse/MJAR-67?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_105697
] 

Jerome Lacoste commented on MJAR-67:
------------------------------------

> The problem seems to be that jarsigner is called with -verify - although I'm explicitely
turning it of in plugin configuration.

I have a feeling that the attached patch is not enough right way to fix the issue,

The exception should be thrown by default and a user flag should be there to allow bypassing
the failed check.
Also the log message should be warn instead of info. Patch coming.

Finally you could also try to remove signatures (try the webstart:unsign mojo)

Another solution was for JarSignVerifyMojo to not throw an exception when errorWhenNotSigned
is true, which I didn't like much,


> jar:sign - Jars containing invalid remains of older signatures won't get signed
> -------------------------------------------------------------------------------
>
>                 Key: MJAR-67
>                 URL: http://jira.codehaus.org/browse/MJAR-67
>             Project: Maven 2.x Jar Plugin
>          Issue Type: Bug
>          Components: sign
>    Affects Versions: 2.1
>         Environment: Maven 2.0.4 on Windows XP
> JDK 1.5.0_08
>            Reporter: Gottfried Gan├čauge
>         Attachments: error.log, jar-plugin.patch, pom.xml
>
>
> I'm trying to ease the burden of applet deployment by integrating every dependency of
that applet into the applet's .jar archive.
> For this purpose I'm using the unpack goal of the dependency plugin (see attached POM).
> For a particular case I had to integrate an already signed applet.
> There is no way I can get the integrated jar signed using jar:sign - I always get an
error from jarsigner (see attached error.log).
> The problem seems to be that jarsigner is called with -verify - although I'm explicitely
turning it of in plugin configuration.
> When calling jarsigned from the command line without -verify it runs to completion.
> When running it with -verify from the command line the same error occurs as in the maven
build.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message