Erik
Hatcher
diff --git a/manual/Tasks/jar.html b/manual/Tasks/jar.html
index 83b2fd0fa..5d3ea38bf 100644
--- a/manual/Tasks/jar.html
+++ b/manual/Tasks/jar.html
@@ -48,7 +48,6 @@ multiple ones to merge together different trees of files into one JAR.
The extended fileset and groupfileset child elements from the zip task are
also available in the jar task.
See the Zip task for more details and examples.
-If the manifest is omitted, a simple one will be supplied by Apache Ant.
The update parameter controls what happens if the JAR
file already exists. When set to yes, the JAR file is
@@ -59,6 +58,8 @@ note that ZIP files store file modification times with a granularity
of two seconds. If a file is less than two seconds newer than the
entry in the archive, Ant will not consider it newer.
+If the manifest is omitted, a simple one will be supplied by Apache Ant.
+
The whenmanifestonly parameter controls what happens when no
files, apart from the manifest file, or nested services, match.
If skip, the JAR is not created and a warning is issued.
@@ -73,12 +74,12 @@ attribute of a zipfileset in a Zip task. The one difference is that if the
include an empty one for you.)
Manifests are processed by the Jar task according to the
-Jar file specification.
+Jar file specification.
Note in particular that this may result in manifest lines greater than 72 bytes
being wrapped and continued on the next line.
The Jar task checks whether you specified package information according to the
-
+
versioning specification.
Please note that the zip format allows multiple files of the same
@@ -87,6 +88,8 @@ documented as causing various problems for unsuspecting users. If you wish
to avoid this behavior you must set the duplicate attribute
to a value other than its default, "add".
+To cryptographically sign your JAR file, use the SignJar task on the JAR that you create from this task.
+
Parameters
@@ -196,7 +199,7 @@ to a value other than its default, "add".
| index |
whether to create an index
+ HREF="http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#JAR_Index">index
list to speed up classloading. This is a JDK 1.3+ specific
feature. Unless you specify additional jars with nested indexjars elements, only the
@@ -211,7 +214,7 @@ to a value other than its default, "add".
false.
Sun's jar implementation used to skip the META-INF directory and
Ant followed that example. The behavior has been changed with
- Java
+ Java
5. In order to avoid problems with Ant generated jars on
Java 1.4 or earlier Ant will not include META-INF unless
explicitly asked to.
@@ -391,8 +394,8 @@ depend on your manifest:
The nested service element specifies a service.
- Services are described by
- http://download.oracle.com/javase/1.5.0/docs/guide/jar/jar.html#Service%20Provider.
+ Services are described in the
+ service provider overview.
The approach is to have providers JARs include files named by the service
provided, for example,
META-INF/services/javax.script.ScriptEngineFactory
@@ -516,6 +519,10 @@ by Java).
<jar destfile="test.jar" basedir=".">
<include name="build"/>
<manifest>
+ <!-- If this is an Applet or Web Start application, include
+ the proper attributes from http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/index.html -->
+ <attribute name="Permissions" value="sandbox"/>
+ <attribute name="Codebase" value="example.com"/>
<!-- Who is building this jar? -->
<attribute name="Built-By" value="${user.name}"/>
<!-- Information about the program itself -->
@@ -535,11 +542,13 @@ property ${user.name}. The manifest produced by the above would look like this:
Manifest-Version: 1.0
+Permissions: sandbox
+Codebase: example.com
Built-By: conor
Implementation-Vendor: ACME inc.
Implementation-Title: GreatProduct
Implementation-Version: 1.0.0beta2
-Created-By: Apache Ant 1.7.0
+Created-By: Apache Ant 1.9.2
Name: common/MyClass.class
Sealed: false
diff --git a/manual/Tasks/signjar.html b/manual/Tasks/signjar.html
index d73f73f48..0c317f548 100644
--- a/manual/Tasks/signjar.html
+++ b/manual/Tasks/signjar.html
@@ -26,7 +26,8 @@
Description
-Signs JAR files with the jarsigner command line tool.
+ Signing a jar allows users to authenticate the publisher.
+Signs JAR files with the jarsigner command line tool.
It will take a named file in the jar attribute, and an optional
destDir or signedJar attribute. Nested paths are also
supported; here only an (optional) destDir is allowed. If a destination
@@ -206,6 +207,7 @@ block
|
Examples
+For instructions on generating a code signing certificate, see the keytool documentation and/or instructions from your certificate authority.
<signjar jar="${dist}/lib/ant.jar"
alias="apache-group" storepass="secret"/>
@@ -266,12 +268,21 @@ SHA256withRSA.
About timestamp signing
+Timestamps record the date and time that a signature took place, allowing the signature to be verified as of that point in time.
+With trusted timestamping, users can verify that signing occurred before a certificate's expiration or revocation. Without this timestamp, users can only verify the signature as of their current date.
+
-Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant since
+Timestamped JAR files were introduced in Java1.5 and supported in Ant since
Ant 1.7. Ant does not yet support proxy setup for this signing process.
-
+Common public timestamp authorities include
+
+ - http://timestamp.verisign.com
+ - http://tsa.starfieldtech.com
+ - https://timestamp.geotrust.com/tsa
+ - Others (see your certificate authority)
+