On 2011-09-05, Emmanuel Bourg wrote: > That looks interesting. Does it provide a repack mode suitable for > signing compressed jars?
I assume you mean ,---- | Note that packing and unpacking a JAR will in general alter the bytewise | contents of classfiles in the JAR. This means that packing and unpacking | will in general invalidate any digital signatures which rely on bytewise | images of JAR elements. In order both to sign and to pack a JAR, you | must first pack and unpack the JAR to "normalize" it, then compute | signatures on the unpacked JAR elements, and finally repack the signed | JAR. Both packing steps should use precisely the same options, and the | segment limit may also need to be set to "-1", to prevent accidental | variation of segment boundaries as class file sizes change slightly. `---- as in <http://download.oracle.com/javase/1.5.0/docs/api/java/util/jar/Pack200.Packer.html> I think the "normalization" step could be part of a util class inside the package. Some utility method that takes a JAR, packs it and unpacks it again to a new jar that would then need to get signed. Signing itself seems outside of compress' scope to me. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
