|
- <!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
- <html>
-
- <head>
- <meta http-equiv="Content-Language" content="en-us">
- <link rel="stylesheet" type="text/css" href="../stylesheets/style.css">
- <title>SignJar Task</title>
- </head>
-
- <body>
-
- <h2><a name="signjar">SignJar</a></h2>
- <h3>Description</h3>
- <p>Signs JAR files with the <tt>jarsigner</tt> command line tool.
- It will take a named file in the <tt>jar</tt> attribute, and an optional
- <tt>destDir</tt> or <tt>signedJar</tt> attribute. Nested paths are also
- supported; here only an (optional) <tt>destDir</tt> is allowed. If a destination
- directory or explicit JAR file name is not provided, JARs are signed in place.
- </p>
- <p>
- Dependency rules
- </p>
- <ul>
- <li>Nonexistent destination JARs are created/signed</li>
- <li>Out of date destination JARs are created/signed</li>
- <li>If a destination file and a source file are the same,
- and <tt>lazy</tt> is true, the JAR is only signed if it does not
- contain a signature by this alias.</li>
- <li>If a destination file and a source file are the same,
- and <tt>lazy</tt> is false, the JAR is signed.</li>
- </ul>
-
- <h3>Parameters</h3>
- <table border="1" cellpadding="2" cellspacing="0">
- <tr>
- <td valign="top"><b>Attribute</b></td>
- <td valign="top"><b>Description</b></td>
- <td align="center" valign="top"><b>Required</b></td>
- </tr>
- <tr>
- <td valign="top">jar</td>
- <td valign="top">the jar file to sign</td>
- <td valign="top" align="center">Yes, unless nested paths have
- been used.</td>
- </tr>
- <tr>
- <td valign="top">alias</td>
- <td valign="top">the alias to sign under</td>
- <td valign="top" align="center">Yes.</td>
- </tr>
- <tr>
- <td valign="top">storepass</td>
- <td valign="top">password for keystore integrity.</td>
- <td valign="top" align="center">Yes.</td>
- </tr>
- <tr>
- <td valign="top">keystore</td>
- <td valign="top">keystore location</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">storetype</td>
- <td valign="top">keystore type</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">keypass</td>
- <td valign="top">password for private key (if different)</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">sigfile</td>
- <td valign="top">name of .SF/.DSA file</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">signedjar</td>
- <td valign="top">name of signed JAR file. This can only be set when
- the <tt>jar</tt> attribute is set.</td>
- <td valign="top" align="center">No.</td>
- </tr>
- <tr>
- <td valign="top">verbose</td>
- <td valign="top">(true | false) verbose output when signing</td>
- <td valign="top" align="center">No; default false</td>
- </tr>
- <tr>
- <td valign="top">internalsf</td>
- <td valign="top">(true | false) include the .SF file inside the signature
- block</td>
- <td valign="top" align="center">No; default false</td>
- </tr>
- <tr>
- <td valign="top">sectionsonly</td>
- <td valign="top">(true | false) don't compute hash of entire manifest</td>
- <td valign="top" align="center">No; default false</td>
- </tr>
- <tr>
- <td valign="top">lazy</td>
- <td valign="top">flag to control whether the presence of a signature
- file means a JAR is signed. This is only used when the target JAR matches
- the source JAR</td>
- <td valign="top" align="center">No; default false</td>
- </tr>
- <tr>
- <td valign="top">maxmemory</td>
- <td valign="top">Specifies the maximum memory the jarsigner VM will use. Specified in the
- style of standard java memory specs (e.g. 128m = 128 MBytes)</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">preservelastmodified</td>
- <td valign="top">Give the signed files the same last modified
- time as the original jar files.</td>
- <td valign="top" align="center">No; default false.</td>
- </tr>
- <tr>
- <td valign="top">tsaurl</td>
- <td valign="top">URL for a timestamp authority for timestamped
- JAR files in Java1.5+</td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">tsacert</td>
- <td valign="top">alias in the keystore for a timestamp authority for
- timestamped JAR files in Java1.5+</td>
- <td valign="top" align="center">No</td>
- </tr>
-
- </table>
- <h3>Parameters as nested elements</h3>
- <table border="1" cellpadding="2" cellspacing="0">
- <tr>
- <td valign="top"><b>Attribute</b></td>
- <td valign="top"><b>Description</b></td>
- <td align="center" valign="top"><b>Required</b></td>
- </tr>
- <tr>
- <td valign="top">path</td>
- <td valign="top">path of JAR files to sign. <em>since Ant 1.7</em></td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">fileset</td>
- <td valign="top">fileset of JAR files to sign. </td>
- <td valign="top" align="center">No</td>
- </tr>
- <tr>
- <td valign="top">mapper</td>
- <td valign="top">A mapper to rename jar files during signing</td>
- <td valign="top" align="center">No, and only one can be supplied</td>
- </tr>
- <tr>
- <td valign="top">sysproperty</td>
- <td valign="top">JVM system properties, with the syntax of Ant
- <a href="exec.html#env">environment variables</a> </td>
- <td valign="top" align="center">No, and only one can be supplied</td>
- </tr>
- </table>
-
-
- <h3>Examples</h3>
- <blockquote><pre>
- <signjar jar="${dist}/lib/ant.jar"
- alias="apache-group" storepass="secret"/>
- </pre></blockquote>
- <p>
- signs the ant.jar with alias "apache-group" accessing the
- keystore and private key via "secret" password.
- </p>
- <blockquote><pre>
- <signjar destDir="signed"
- alias="testonly" keystore="testkeystore"
- storepass="apacheant"
- preservelastmodified="true">
- <path>
- <fileset dir="dist" includes="**/*.jar" />
- </path>
- <flattenmapper />
- </signjar>
- </pre></blockquote>
- <p>
- Sign all JAR files matching the dist/**/*.jar pattern, copying them to the
- directory "signed" afterwards. The flatten mapper means that they will
- all be copied to this directory, not to subdirectories.
-
- </p>
- <blockquote><pre>
- <signjar
- alias="testonly" keystore="testkeystore"
- storepass="apacheant"
- lazy="true"
- >
- <path>
- <fileset dir="dist" includes="**/*.jar" />
- </path>
- </signjar>
- </pre></blockquote>
- <p>
- Sign all the JAR files in dist/**/*.jar <i>in-situ</i>. Lazy signing is used,
- so the files will only be signed if they are not already signed.
- </p>
- <h3>About timestamp signing</h3>
-
- <p>
- Timestamped JAR files are a new feature in Java1.5; a feature supported in Ant since
- Ant 1.7. Ant does not yet support proxy setup for this singing process, and
- the whole TSA feature is not tested yet. Furthermore, the
- <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/time-of-signing-beta1.html">
- official TSA documentation</a>
- warns that the API is subject to change. If a future version of Java changes the
- API, Ant will break. It may be possible to hide changes if and when they occur,
- but this can not be guaranteed.
- </p>
-
-
-
- </body>
- </html>
|
