Laurent
which would work best? multiple jar dependencies each with their own .sha1 own .md5 (appropriate security entries for each MANIFEST.MF for each dependency-jar) or create an uberjar (with all dependencies packed in) one .sha1 will cover uberjar one .md5 will cover uberjar security characteristics identified in MANIFEST.MF would cover the entire "uberjar" ? M- ______________________________________________ Note de déni et de confidentialité Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: laurent.fo...@gmail.com > Date: Fri, 26 Jul 2013 22:35:41 +0200 > Subject: Re: webstart application and Java7u25 > To: users@maven.apache.org > > Because applets may depend of other libraries . > > Laurent Forêt > @laurentforet > http://www.devcoop.fr > > > On Fri, Jul 26, 2013 at 10:00 PM, Jeff MAURY <jeffma...@jeffmaury.com>wrote: > > > I didn't get the dependency issue. > > > > Jeff > > > > > > On Fri, Jul 26, 2013 at 5:49 PM, Laurent Forêt <laurent.fo...@gmail.com > > >wrote: > > > > > To secure and make deployable an applet or a WebStartApp, you have to : > > > > > > * get the dependencies > > > * modify each manifest (you also have to deal with > > > > > http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html# > > > ) > > > * and sign the jar. > > > > > > If you have something else than a specific mojo which can do that, I will > > > be pleased to hear about that. > > > > > > AFAIK the only plugin that can deal with the archiver and change a > > manifest > > > of an artifact is the jar plugin. > > > > > > Thanks. > > > > > > Laurent Forêt > > > @laurentforet > > > http://www.devcoop.fr > > > > > > > > > On Fri, Jul 26, 2013 at 4:59 PM, Jeff MAURY <jeffma...@jeffmaury.com> > > > wrote: > > > > > > > I don't see why do you need of Mojo for that. > > > > > > > > Jeff > > > > > > > > > > > > On Fri, Jul 26, 2013 at 11:34 AM, Laurent Forêt < > > laurent.fo...@gmail.com > > > > >wrote: > > > > > > > > > Hello Davide, > > > > > > > > > > I had the same issue with signing applets. After a quick search, I > > > come > > > > > to the conclusion that we need to override the jarsigner plugin with > > > > > writing a new mojo which will use > > > > > use the maven archiver ( > > > > > http://maven.apache.org/shared/maven-archiver/index.html) and the > > > > > mecanism > > > > > of the dependency-plugin:copy to achieve this. > > > > > > > > > > If you find a better solution, I will be pleased to hear about that. > > > > > > > > > > > > > > > Laurent Forêt > > > > > @laurentforet > > > > > http://www.devcoop.fr > > > > > > > > > > > > > > > On Thu, Jul 25, 2013 at 2:30 PM, Davide Silvestre <d...@cdrator.com> > > > > wrote: > > > > > > > > > > > Hello, > > > > > > In Java 7u25 the following change has been introduced: > > > > > > > > > > > > > > > > > > > > http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/no_redeploy.html > > > > > > This requires that all the jars included in my webstart application > > > > have > > > > > 2 > > > > > > extra entries in their manifest files. > > > > > > I build and I sign the jars contained in my webstart application > > > using > > > > > the > > > > > > Webstart Maven Plugin version 1.0-beta-3. > > > > > > > > > > > > To solve this I should add the 2 new manifest entries in all the > > jars > > > > > used > > > > > > by my application, but this is not always possible, as most of my > > > > > > dependencies are already deployed in our Nexus repository and some > > of > > > > > them > > > > > > are thirdparty dependencies, coming from external repositories. > > > > > > > > > > > > Is there a way to add those entries in all my dependencies before > > > they > > > > > are > > > > > > signed? > > > > > > > > > > > > Thanks! > > > > > > David > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Jeff MAURY > > > > > > > > > > > > "Legacy code" often differs from its suggested alternative by actually > > > > working and scaling. > > > > - Bjarne Stroustrup > > > > > > > > http://www.jeffmaury.com > > > > http://riadiscuss.jeffmaury.com > > > > http://www.twitter.com/jeffmaury > > > > > > > > > > > > > > > -- > > Jeff MAURY > > > > > > "Legacy code" often differs from its suggested alternative by actually > > working and scaling. > > - Bjarne Stroustrup > > > > http://www.jeffmaury.com > > http://riadiscuss.jeffmaury.com > > http://www.twitter.com/jeffmaury > >
