DO NOT REPLY [Bug 27596] no way to verify JAR files as validly signed in Ant. (was: signjar should support the -verify and -certs options)
https://issues.apache.org/bugzilla/show_bug.cgi?id=27596 Stefan Bodewig bode...@apache.org changed: What|Removed |Added AssignedTo|ste...@apache.org |notificati...@ant.apache.or ||g -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug. You are the assignee for the bug.
DO NOT REPLY [Bug 27596] no way to verify JAR files as validly signed in Ant. (was: signjar should support the -verify and -certs options)
https://issues.apache.org/bugzilla/show_bug.cgi?id=27596 --- Comment #6 from Emmanuel Bourg ebo...@apache.org 2009-05-19 04:01:00 PST --- I understand it's not perfect, the task is 'as bad' as the jarsigner tool, but it's still useful. For example when you sign and pack your own jar files (with pack200), running 'jarsigner -verify' is a must to ensure that the repack+sign+pack process was done properly. I use verifyjar to check the jars produced by my build and signed with my certificate. The fact that the validity of the certificate is not checked is irrelevant in this case. It doesn't tell if the jar can be trusted, it tells if the jar is corrupted and will break when loaded by the Java Plugin. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug.
DO NOT REPLY [Bug 27596] no way to verify JAR files as validly signed in Ant. (was: signjar should support the -verify and -certs options)
https://issues.apache.org/bugzilla/show_bug.cgi?id=27596 Emmanuel Bourg ebo...@apache.org changed: What|Removed |Added CC||ebo...@apache.org --- Comment #4 from Emmanuel Bourg ebo...@apache.org 2009-05-18 10:11:53 PST --- It may be worth documenting somewhere that the verifyjar task is actually implemented and available since Ant 1.7. It works fine to verify a set of jar files, otherwise jarsigner has to be called through the exec task for every jar to check: exec executable=jarsigner dir=dist/lib failonerror=true arg value=-verify/ arg value=foo.jar/ /exec exec executable=jarsigner dir=dist/lib failonerror=true arg value=-verify/ arg value=bar.jar/ /exec What is missing from the task to make it official? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug.
