On 2011-09-05, Stefan Bodewig wrote:

> On 2011-09-05, Emmanuel Bourg wrote:

>> That looks interesting. Does it provide a repack mode suitable for
>> signing compressed jars?

> I assume you mean

> ,----
> | Note that packing and unpacking a JAR will in general alter the bytewise
> | contents of classfiles in the JAR. This means that packing and unpacking
> | will in general invalidate any digital signatures which rely on bytewise
> | images of JAR elements. In order both to sign and to pack a JAR, you
> | must first pack and unpack the JAR to "normalize" it, then compute
> | signatures on the unpacked JAR elements, and finally repack the signed
> | JAR. Both packing steps should use precisely the same options, and the
> | segment limit may also need to be set to "-1", to prevent accidental
> | variation of segment boundaries as class file sizes change slightly.
> `----

> as in
> <http://download.oracle.com/javase/1.5.0/docs/api/java/util/jar/Pack200.Packer.html>

> I think the "normalization" step could be part of a util class inside
> the package.  Some utility method that takes a JAR, packs it and unpacks
> it again to a new jar that would then need to get signed.  Signing
> itself seems outside of compress' scope to me.

Emmanuel, is the Pack200Utils.normalize method I've just committed what
you've been looking for?

Stefan
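The normalize-then-sign procedure from the Javadoc quoted above, written against the JDK's own java.util.jar.Pack200 API, as an added example that is not the Commons Compress code or anything posted in this thread. It assumes a JDK from 8 through 13 (Pack200 was removed in JDK 14); the class name, helper names and command-line arguments are hypothetical.

```java
import java.io.*;
import java.security.MessageDigest;
import java.util.*;
import java.util.jar.*;

public class Pack200Normalize {
    // One pack/unpack round trip; signing and the final repack must reuse these options.
    static void roundTrip(File in, File out) throws IOException {
        File packed = File.createTempFile("normalize", ".pack");
        try {
            Pack200.Packer packer = Pack200.newPacker();
            // "-1" keeps the archive in a single segment, as the quoted Javadoc advises.
            packer.properties().put(Pack200.Packer.SEGMENT_LIMIT, "-1");
            try (JarFile jar = new JarFile(in);
                 OutputStream os = new FileOutputStream(packed)) {
                packer.pack(jar, os);
            }
            try (JarOutputStream jos = new JarOutputStream(new FileOutputStream(out))) {
                Pack200.newUnpacker().unpack(packed, jos);
            }
        } finally {
            packed.delete();
        }
    }

    // SHA-256 per entry: the bytewise images that a JAR signature depends on.
    static Map<String, String> entryDigests(File f) throws Exception {
        Map<String, String> digests = new TreeMap<>();
        try (JarFile jar = new JarFile(f)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory()) continue;
                MessageDigest md = MessageDigest.getInstance("SHA-256");
                try (InputStream is = jar.getInputStream(e)) {
                    byte[] buf = new byte[8192];
                    for (int n; (n = is.read(buf)) > 0; ) md.update(buf, 0, n);
                }
                digests.put(e.getName(), Base64.getEncoder().encodeToString(md.digest()));
            }
        }
        return digests;
    }

    // Usage: java Pack200Normalize input.jar normalized.jar
    public static void main(String[] args) throws Exception {
        File normalized = new File(args[1]), again = File.createTempFile("recheck", ".jar");
        roundTrip(new File(args[0]), normalized);   // the "normalize" step
        roundTrip(normalized, again);               // simulate the later repack and unpack
        boolean stable = entryDigests(normalized).equals(entryDigests(again));
        again.delete();
        System.out.println(stable ? "stable, sign " + normalized : "digests changed, do not sign");
    }
}
```

If the second round trip changes any entry digest, a signature computed on the normalized JAR would not verify after delivery in packed form.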
