[ http://jira.codehaus.org/browse/MOJO-269?page=all ]
Brett Porter updated MOJO-269:
------------------------------
Component: (was: sandbox)
webstart
> [webstart] Pack200 shouldn't effect the original jar files.
> -----------------------------------------------------------
>
> Key: MOJO-269
> URL: http://jira.codehaus.org/browse/MOJO-269
> Project: Mojo
> Type: Improvement
> Components: webstart
> Reporter: David Boden
> Assignee: Jerome Lacoste
> Attachments: patch.txt
>
>
> When creating a webstart artifact, the pack200 process shouldn't effect the
> original jars. (if someone disagrees with this then please feel free to
> comment!)
> Packing and unpacking using the pack200 process results in a smaller jar with
> some of the class files' internal information removed. This may result in
> unpredictable behaviour when using clients that don't support pack200 at all.
> I've attached a patch where I've tried to separate the pack200 process
> completely from the signing of the original jar files.
> The patch also aims to solve the problems of signing webstart jar files that
> are already signed by a 3rd party certificate. This causes problems with
> pack200 because packing a file ruins the digital signature by virtue of
> changing the class files. I've failed in this regard because jarsigner
> doesn't seem to give you a way of checking whether a jar is already signed
> correctly. It doesn't differentiate between an unsigned jar and an invalid
> manifest format.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
