1 | <!--
|
---|
2 | Licensed to the Apache Software Foundation (ASF) under one or more
|
---|
3 | contributor license agreements. See the NOTICE file distributed with
|
---|
4 | this work for additional information regarding copyright ownership.
|
---|
5 | The ASF licenses this file to You under the Apache License, Version 2.0
|
---|
6 | (the "License"); you may not use this file except in compliance with
|
---|
7 | the License. You may obtain a copy of the License at
|
---|
8 |
|
---|
9 | http://www.apache.org/licenses/LICENSE-2.0
|
---|
10 |
|
---|
11 | Unless required by applicable law or agreed to in writing, software
|
---|
12 | distributed under the License is distributed on an "AS IS" BASIS,
|
---|
13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
14 | See the License for the specific language governing permissions and
|
---|
15 | limitations under the License.
|
---|
16 | -->
|
---|
17 | <html>
|
---|
18 |
|
---|
19 | <head>
|
---|
20 | <meta http-equiv="Content-Language" content="en-us">
|
---|
21 | <link rel="stylesheet" type="text/css" href="../stylesheets/style.css">
|
---|
22 | <title>SignJar Task</title>
|
---|
23 | </head>
|
---|
24 |
|
---|
25 | <body>
|
---|
26 |
|
---|
27 | <h2><a name="signjar">SignJar</a></h2>
|
---|
28 | <h3>Description</h3>
|
---|
29 | <p>Signs JAR files with the <tt>jarsigner</tt> command line tool.
|
---|
30 | It will take a named file in the <tt>jar</tt> attribute, and an optional
|
---|
31 | <tt>destDir</tt> or <tt>signedJar</tt> attribute. Nested paths are also
|
---|
32 | supported; here only an (optional) <tt>destDir</tt> is allowed. If a destination
|
---|
33 | directory or explicit JAR file name is not provided, JARs are signed in place.
|
---|
34 | </p>
|
---|
35 | <p>
|
---|
36 | Dependency rules
|
---|
37 | </p>
|
---|
38 | <ul>
|
---|
39 | <li>Nonexistent destination JARs are created/signed</li>
|
---|
40 | <li>Out of date destination JARs are created/signed</li>
|
---|
41 | <li>If a destination file and a source file are the same,
|
---|
42 | and <tt>lazy</tt> is true, the JAR is only signed if it does not
|
---|
43 | contain a signature by this alias.</li>
|
---|
44 | <li>If a destination file and a source file are the same,
|
---|
45 | and <tt>lazy</tt> is false, the JAR is signed.</li>
|
---|
46 | </ul>
|
---|
47 |
|
---|
48 | <h3>Parameters</h3>
|
---|
49 | <table border="1" cellpadding="2" cellspacing="0">
|
---|
50 | <tr>
|
---|
51 | <td valign="top"><b>Attribute</b></td>
|
---|
52 | <td valign="top"><b>Description</b></td>
|
---|
53 | <td align="center" valign="top"><b>Required</b></td>
|
---|
54 | </tr>
|
---|
55 | <tr>
|
---|
56 | <td valign="top">jar</td>
|
---|
57 | <td valign="top">the jar file to sign</td>
|
---|
58 | <td valign="top" align="center">Yes, unless nested paths have
|
---|
59 | been used.</td>
|
---|
60 | </tr>
|
---|
61 | <tr>
|
---|
62 | <td valign="top">alias</td>
|
---|
63 | <td valign="top">the alias to sign under</td>
|
---|
64 | <td valign="top" align="center">Yes.</td>
|
---|
65 | </tr>
|
---|
66 | <tr>
|
---|
67 | <td valign="top">storepass</td>
|
---|
68 | <td valign="top">password for keystore integrity.</td>
|
---|
69 | <td valign="top" align="center">Yes.</td>
|
---|
70 | </tr>
|
---|
71 | <tr>
|
---|
72 | <td valign="top">keystore</td>
|
---|
73 | <td valign="top">keystore location</td>
|
---|
74 | <td valign="top" align="center">No</td>
|
---|
75 | </tr>
|
---|
76 | <tr>
|
---|
77 | <td valign="top">storetype</td>
|
---|
78 | <td valign="top">keystore type</td>
|
---|
79 | <td valign="top" align="center">No</td>
|
---|
80 | </tr>
|
---|
81 | <tr>
|
---|
82 | <td valign="top">keypass</td>
|
---|
83 | <td valign="top">password for private key (if different)</td>
|
---|
84 | <td valign="top" align="center">No</td>
|
---|
85 | </tr>
|
---|
86 | <tr>
|
---|
87 | <td valign="top">sigfile</td>
|
---|
88 | <td valign="top">name of .SF/.DSA file</td>
|
---|
89 | <td valign="top" align="center">No</td>
|
---|
90 | </tr>
|
---|
91 | <tr>
|
---|
92 | <td valign="top">signedjar</td>
|
---|
93 | <td valign="top">name of signed JAR file. This can only be set when
|
---|
94 | the <tt>jar</tt> attribute is set.</td>
|
---|
95 | <td valign="top" align="center">No.</td>
|
---|
96 | </tr>
|
---|
97 | <tr>
|
---|
98 | <td valign="top">verbose</td>
|
---|
99 | <td valign="top">(true | false) verbose output when signing</td>
|
---|
100 | <td valign="top" align="center">No; default false</td>
|
---|
101 | </tr>
|
---|
102 | <tr>
|
---|
103 | <td valign="top">internalsf</td>
|
---|
104 | <td valign="top">(true | false) include the .SF file inside the signature
|
---|
105 | block</td>
|
---|
106 | <td valign="top" align="center">No; default false</td>
|
---|
107 | </tr>
|
---|
108 | <tr>
|
---|
109 | <td valign="top">sectionsonly</td>
|
---|
110 | <td valign="top">(true | false) don't compute hash of entire manifest</td>
|
---|
111 | <td valign="top" align="center">No; default false</td>
|
---|
112 | </tr>
|
---|
113 | <tr>
|
---|
114 | <td valign="top">lazy</td>
|
---|
115 | <td valign="top">flag to control whether the presence of a signature
|
---|
116 | file means a JAR is signed. This is only used when the target JAR matches
|
---|
117 | the source JAR</td>
|
---|
118 | <td valign="top" align="center">No; default false</td>
|
---|
119 | </tr>
|
---|
120 | <tr>
|
---|
121 | <td valign="top">maxmemory</td>
|
---|
122 | <td valign="top">Specifies the maximum memory the jarsigner VM will use. Specified in the
|
---|
123 | style of standard java memory specs (e.g. 128m = 128 MBytes)</td>
|
---|
124 | <td valign="top" align="center">No</td>
|
---|
125 | </tr>
|
---|
126 | <tr>
|
---|
127 | <td valign="top">preservelastmodified</td>
|
---|
128 | <td valign="top">Give the signed files the same last modified
|
---|
129 | time as the original jar files.</td>
|
---|
130 | <td valign="top" align="center">No; default false.</td>
|
---|
131 | </tr>
|
---|
132 | <tr>
|
---|
133 | <td valign="top">tsaurl</td>
|
---|
134 | <td valign="top">URL for a timestamp authority for timestamped
|
---|
135 | JAR files in Java1.5+</td>
|
---|
136 | <td valign="top" align="center">No</td>
|
---|
137 | </tr>
|
---|
138 | <tr>
|
---|
139 | <td valign="top">tsacert</td>
|
---|
140 | <td valign="top">alias in the keystore for a timestamp authority for
|
---|
141 | timestamped JAR files in Java1.5+</td>
|
---|
142 | <td valign="top" align="center">No</td>
|
---|
143 | </tr>
|
---|
144 |
|
---|
145 | </table>
|
---|
146 | <h3>Parameters as nested elements</h3>
|
---|
147 | <table border="1" cellpadding="2" cellspacing="0">
|
---|
148 | <tr>
|
---|
149 | <td valign="top"><b>Attribute</b></td>
|
---|
150 | <td valign="top"><b>Description</b></td>
|
---|
151 | <td align="center" valign="top"><b>Required</b></td>
|
---|
152 | </tr>
|
---|
153 | <tr>
|
---|
154 | <td valign="top">path</td>
|
---|
155 | <td valign="top">path of JAR files to sign. <em>since Ant 1.7</em></td>
|
---|
156 | <td valign="top" align="center">No</td>
|
---|
157 | </tr>
|
---|
158 | <tr>
|
---|
159 | <td valign="top">fileset</td>
|
---|
160 | <td valign="top">fileset of JAR files to sign. </td>
|
---|
161 | <td valign="top" align="center">No</td>
|
---|
162 | </tr>
|
---|
163 | <tr>
|
---|
164 | <td valign="top">mapper</td>
|
---|
165 | <td valign="top">A mapper to rename jar files during signing</td>
|
---|
166 | <td valign="top" align="center">No, and only one can be supplied</td>
|
---|
167 | </tr>
|
---|
168 | <tr>
|
---|
169 | <td valign="top">sysproperty</td>
|
---|
170 | <td valign="top">JVM system properties, with the syntax of Ant
|
---|
171 | <a href="exec.html#env">environment variables</a> </td>
|
---|
172 | <td valign="top" align="center">No, and only one can be supplied</td>
|
---|
173 | </tr>
|
---|
174 | </table>
|
---|
175 |
|
---|
176 |
|
---|
177 | <h3>Examples</h3>
|
---|
178 | <blockquote><pre>
|
---|
179 | <signjar jar="${dist}/lib/ant.jar"
|
---|
180 | alias="apache-group" storepass="secret"/>
|
---|
181 | </pre></blockquote>
|
---|
182 | <p>
|
---|
183 | signs the ant.jar with alias "apache-group" accessing the
|
---|
184 | keystore and private key via "secret" password.
|
---|
185 | </p>
|
---|
186 | <blockquote><pre>
|
---|
187 | <signjar destDir="signed"
|
---|
188 | alias="testonly" keystore="testkeystore"
|
---|
189 | storepass="apacheant"
|
---|
190 | preservelastmodified="true">
|
---|
191 | <path>
|
---|
192 | <fileset dir="dist" includes="**/*.jar" />
|
---|
193 | </path>
|
---|
194 | <flattenmapper />
|
---|
195 | </signjar>
|
---|
196 | </pre></blockquote>
|
---|
197 | <p>
|
---|
198 | Sign all JAR files matching the dist/**/*.jar pattern, copying them to the
|
---|
199 | directory "signed" afterwards. The flatten mapper means that they will
|
---|
200 | all be copied to this directory, not to subdirectories.
|
---|
201 |
|
---|
202 | </p>
|
---|
203 | <blockquote><pre>
|
---|
204 | <signjar
|
---|
205 | alias="testonly" keystore="testkeystore"
|
---|
206 | storepass="apacheant"
|
---|
207 | lazy="true"
|
---|
208 | >
|
---|
209 | <path>
|
---|
210 | <fileset dir="dist" includes="**/*.jar" />
|
---|
211 | </path>
|
---|
212 | </signjar>
|
---|
213 | </pre></blockquote>
|
---|
214 | <p>
|
---|
215 | Sign all the JAR files in dist/**/*.jar <i>in-situ</i>. Lazy signing is used,
|
---|
216 | so the files will only be signed if they are not already signed.
|
---|
217 | </p>
|
---|
218 | <h3>About timestamp signing</h3>
|
---|
219 |
|
---|
220 | <p>
|
---|
221 | Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant since
|
---|
222 | Ant 1.7. Ant does not yet support proxy setup for this singing process, and
|
---|
223 | the whole TSA feature is not tested yet. Furthermore, the
|
---|
224 | <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing-beta1.html">
|
---|
225 | official TSA documentation</a>
|
---|
226 | warns that the API is subject to change. If a future version of Java changes the
|
---|
227 | API, Ant will break. It may be possible to hide changes if and when they occur,
|
---|
228 | but this can not be guaranteed.
|
---|
229 | </p>
|
---|
230 |
|
---|
231 |
|
---|
232 |
|
---|
233 | </body>
|
---|
234 | </html>
|
---|
235 |
|
---|