youys
/
ant
Not watched
1
0
Fork 1
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: a5796b5db0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a5796b5db0'
${ noResults }
ant/manual/Tasks/signjar.html

325 lines
11 KiB
Raw Blame History 

  1. <!--

  2.    Licensed to the Apache Software Foundation (ASF) under one or more

  3.    contributor license agreements.  See the NOTICE file distributed with

  4.    this work for additional information regarding copyright ownership.

  5.    The ASF licenses this file to You under the Apache License, Version 2.0

  6.    (the "License"); you may not use this file except in compliance with

  7.    the License.  You may obtain a copy of the License at

  8. 

  9.        http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11.    Unless required by applicable law or agreed to in writing, software

  12.    distributed under the License is distributed on an "AS IS" BASIS,

  13.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.    See the License for the specific language governing permissions and

  15.    limitations under the License.

  16. -->

  17. <html>

  18. 

  19. <head>

  20. <meta http-equiv="Content-Language" content="en-us">

  21. <link rel="stylesheet" type="text/css" href="../stylesheets/style.css">

  22. <title>SignJar Task</title>

  23. </head>

  24. 

  25. <body>

  26. 

  27. <h2><a name="signjar">SignJar</a></h2>

  28. <h3>Description</h3>

  29. <p>Signing a jar allows users to authenticate the publisher.</p>

  30. <p>Signs JAR files with the <a target="_blank" href="http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html"><tt>jarsigner</tt> command line tool</a>.

  31. It will take a named file in the <tt>jar</tt> attribute, and an optional

  32. <tt>destDir</tt> or <tt>signedJar</tt> attribute. Nested paths are also

  33. supported; here only an (optional) <tt>destDir</tt> is allowed. If a destination

  34. directory or explicit JAR file name is not provided, JARs are signed in place.

  35. </p>

  36. <p>

  37. Dependency rules

  38. </p>

  39. <ul>

  40. <li>Nonexistent destination JARs are created/signed</li>

  41. <li>Out of date destination JARs are created/signed</li>

  42. <li>If a destination file and a source file are the same,

  43. and <tt>lazy</tt> is true, the JAR is only signed if it does not

  44. contain a signature by this alias.</li>

  45. <li>If a destination file and a source file are the same,

  46. and <tt>lazy</tt> is false, the JAR is signed.</li>

  47. </ul>

  48. 

  49. <h3>Parameters</h3>

  50. <table border="1" cellpadding="2" cellspacing="0">

  51.   <tr>

  52.     <td valign="top"><b>Attribute</b></td>

  53.     <td valign="top"><b>Description</b></td>

  54.     <td align="center" valign="top"><b>Required</b></td>

  55.   </tr>

  56.   <tr>

  57.     <td valign="top">jar</td>

  58.     <td valign="top">the jar file to sign</td>

  59.     <td valign="top" align="center">Yes, unless nested paths have

  60.       been used.</td>

  61.   </tr>

  62.   <tr>

  63.     <td valign="top">alias</td>

  64.     <td valign="top">the alias to sign under</td>

  65.     <td valign="top" align="center">Yes.</td>

  66.   </tr>

  67.   <tr>

  68.     <td valign="top">storepass</td>

  69.     <td valign="top">password for keystore integrity. Ant will not use

  70.     the <code>-storepass</code> command line argument but send the

  71.     password to jarsigner when it prompts for it.</td>

  72.     <td valign="top" align="center">Yes.</td>

  73.   </tr>

  74.   <tr>

  75.     <td valign="top">keystore</td>

  76.     <td valign="top">keystore location</td>

  77.     <td valign="top" align="center">No</td>

  78.   </tr>

  79.   <tr>

  80.     <td valign="top">storetype</td>

  81.     <td valign="top">keystore type</td>

  82.     <td valign="top" align="center">No</td>

  83.   </tr>

  84.   <tr>

  85.     <td valign="top">keypass</td>

  86.     <td valign="top">password for private key (if different)</td>

  87.     <td valign="top" align="center">No</td>

  88.   </tr>

  89.   <tr>

  90.     <td valign="top">sigfile</td>

  91.     <td valign="top">name of .SF/.DSA file</td>

  92.     <td valign="top" align="center">No</td>

  93.   </tr>

  94.   <tr>

  95.     <td valign="top">signedjar</td>

  96.     <td valign="top">name of signed JAR file. This can only be set when

  97.     the <tt>jar</tt> attribute is set.</td>

  98.     <td valign="top" align="center">No.</td>

  99.   </tr>

  100.   <tr>

  101.     <td valign="top">verbose</td>

  102.     <td valign="top">(true | false) verbose output when signing</td>

  103.     <td valign="top" align="center">No; default false</td>

  104.   </tr>

  105.   <tr>

  106.     <td valign="top">strict</td>

  107.     <td valign="top">(true | false) strict checking when signing.<br/><em>since Ant 1.9.1</em>.</td>

  108.     <td valign="top" align="center">No; default false</td>

  109.   </tr>

  110.   <tr>

  111.     <td valign="top">internalsf</td>

  112.     <td valign="top">(true | false) include the .SF file inside the signature

  113. block</td>

  114.     <td valign="top" align="center">No; default false</td>

  115.   </tr>

  116.   <tr>

  117.     <td valign="top">sectionsonly</td>

  118.     <td valign="top">(true | false) don't compute hash of entire manifest</td>

  119.     <td valign="top" align="center">No; default false</td>

  120.   </tr>

  121.   <tr>

  122.     <td valign="top">lazy</td>

  123.     <td valign="top">flag to control whether the presence of a signature

  124.   file means a JAR is signed. This is only used when the target JAR matches

  125.   the source JAR</td>

  126.     <td valign="top" align="center">No; default false</td>

  127.   </tr>

  128.   <tr>

  129.     <td valign="top">maxmemory</td>

  130.     <td valign="top">Specifies the maximum memory the jarsigner VM will use. Specified in the

  131.                      style of standard java memory specs (e.g. 128m = 128 MBytes)</td>

  132.     <td valign="top" align="center">No</td>

  133.   </tr>

  134.   <tr>

  135.     <td valign="top">preservelastmodified</td>

  136.     <td valign="top">Give the signed files the same last modified

  137.       time as the original jar files.</td>

  138.     <td valign="top" align="center">No; default false.</td>

  139.   </tr>

  140.   <tr>

  141.     <td valign="top">tsaurl</td>

  142.     <td valign="top">URL for a timestamp authority for timestamped

  143.     JAR files in Java1.5+</td>

  144.     <td valign="top" align="center">No</td>

  145.   </tr>

  146.   <tr>

  147.     <td valign="top">tsacert</td>

  148.     <td valign="top">alias in the keystore for a timestamp authority for

  149.     timestamped JAR files in Java1.5+</td>

  150.     <td valign="top" align="center">No</td>

  151.   </tr>

  152.   <tr>

  153.     <td valign="top">tsaproxyhost</td>

  154.     <td valign="top">proxy host to be used when connecting to TSA server</td>

  155.     <td valign="top" align="center">No</td>

  156.   </tr>

  157.   <tr>

  158.     <td valign="top">tsaproxyport</td>

  159.     <td valign="top">proxy port to be used when connecting to TSA server</td>

  160.     <td valign="top" align="center">No</td>

  161.   </tr>

  162.   <tr>

  163.     <td valign="top">executable</td>

  164.     <td valign="top">Specify a particular <code>jarsigner</code> executable

  165.       to use in place of the default binary (found in the same JDK as

  166.       Apache Ant is running in).<br/>

  167.       Must support the same command line options as the Sun JDK

  168.       jarsigner command.

  169.       <em>since Ant 1.8.0</em>.</td>

  170.     <td align="center" valign="top">No</td>

  171.   </tr>

  172.   <tr>

  173.     <td valign="top">force</td>

  174.     <td valign="top">Whether to force signing of the jar file even if

  175.       it doesn't seem to be out of date or already signed.

  176.       <em>since Ant 1.8.0</em>.</td>

  177.     <td align="center" valign="top">No; default false</td>

  178.   </tr>

  179.   <tr>

  180.     <td valign="top">sigalg</td>

  181.     <td valign="top">name of signature algorithm</td>

  182.     <td valign="top" align="center">No</td>

  183.   </tr>

  184.   <tr>

  185.     <td valign="top">digestalg</td>

  186.     <td valign="top">name of digest algorithm</td>

  187.     <td valign="top" align="center">No</td>

  188.   </tr>

  189.   <tr>

  190.     <td valign="top">providername</td>

  191.     <td valign="top">name of a cryptographic service provider's name

  192.       when listed in the security properties file.

  193.       <em>since Ant 1.9.14</em>.</td>

  194.     <td valign="top" align="center">No</td>

  195.   </tr>

  196.   <tr>

  197.     <td valign="top">providerclass</td>

  198.     <td valign="top">name of a cryptographic service provider's master

  199.       class file when the service provider is not listed in the security

  200.       properties file.

  201.       <em>since Ant 1.9.14</em>.</td>

  202.     <td valign="top" align="center">No</td>

  203.   </tr>

  204.   <tr>

  205.     <td valign="top">providerarg</td>

  206.     <td valign="top">Represents an optional string input argument for

  207.       the constructor of provider_class_name. Ignored

  208.       if <code>providerclass</code> is not set.

  209.       <em>since Ant 1.9.14</em>.</td>

  210.     <td valign="top" align="center">No</td>

  211.   </tr>

  212. </table>

  213. <h3>Parameters as nested elements</h3>

  214. <table border="1" cellpadding="2" cellspacing="0">

  215.   <tr>

  216.     <td valign="top"><b>Attribute</b></td>

  217.     <td valign="top"><b>Description</b></td>

  218.     <td align="center" valign="top"><b>Required</b></td>

  219.   </tr>

  220.   <tr>

  221.     <td valign="top">path</td>

  222.     <td valign="top">path of JAR files to sign. <em>since Ant 1.7</em></td>

  223.     <td valign="top" align="center">No</td>

  224.   </tr>

  225.   <tr>

  226.     <td valign="top">fileset</td>

  227.     <td valign="top">fileset of JAR files to sign. </td>

  228.     <td valign="top" align="center">No</td>

  229.   </tr>

  230.   <tr>

  231.     <td valign="top">mapper</td>

  232.     <td valign="top">A mapper to rename jar files during signing</td>

  233.     <td valign="top" align="center">No, and only one can be supplied</td>

  234.   </tr>

  235.   <tr>

  236.     <td valign="top">sysproperty</td>

  237.     <td valign="top">JVM system properties, with the syntax of Ant

  238.     <a href="exec.html#env">environment variables</a> </td>

  239.     <td valign="top" align="center">No, and only one can be supplied</td>

  240.   </tr>

  241.  </table>

  242. 

  243. 

  244. <h3>Examples</h3>

  245. <p>For instructions on generating a code signing certificate, see the <a target="_blank" href="http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html">keytool documentation</a> and/or instructions from your certificate authority.</p>

  246.   <blockquote><pre>

  247. &lt;signjar jar=&quot;${dist}/lib/ant.jar&quot;

  248. alias=&quot;apache-group&quot; storepass=&quot;secret&quot;/&gt;

  249. </pre></blockquote>

  250. <p>

  251.   signs the ant.jar with alias &quot;apache-group&quot; accessing the

  252.   keystore and private key via &quot;secret&quot; password.

  253. </p>

  254.   <blockquote><pre>

  255. &lt;signjar destDir="signed"

  256.     alias="testonly" keystore="testkeystore"

  257.     storepass="apacheant"

  258.     preservelastmodified="true"&gt;

  259.   &lt;path&gt;

  260.     &lt;fileset dir="dist" includes="**/*.jar" /&gt;

  261.   &lt;/path&gt;

  262.   &lt;flattenmapper /&gt;

  263. &lt;/signjar&gt;

  264. </pre></blockquote>

  265. <p>

  266. Sign all JAR files matching the dist/**/*.jar pattern, copying them to the

  267. directory "signed" afterwards. The flatten mapper means that they will

  268. all be copied to this directory, not to subdirectories.

  269. 

  270. </p>

  271.   <blockquote><pre>

  272. &lt;signjar

  273.     alias="testonly" keystore="testkeystore"

  274.     storepass="apacheant"

  275.     lazy="true"

  276.     &gt;

  277.   &lt;path&gt;

  278.     &lt;fileset dir="dist" includes="**/*.jar" /&gt;

  279.   &lt;/path&gt;

  280. &lt;/signjar&gt;

  281. </pre></blockquote>

  282. <p>

  283. Sign all the JAR files in dist/**/*.jar <i>in-situ</i>. Lazy signing is used,

  284. so the files will only be signed if they are not already signed.

  285. </p>

  286.   <blockquote><pre>

  287. &lt;signjar

  288.     alias="testonly" keystore="testkeystore"

  289.     storepass="apacheant"

  290.     sigalg="MD5withRSA"

  291.     digestalg="SHA1"&gt;

  292.   &lt;path&gt;

  293.     &lt;fileset dir="dist" includes="**/*.jar" /&gt;

  294.   &lt;/path&gt;

  295. &lt;/signjar&gt;

  296. </pre></blockquote>

  297. <p>

  298. Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the

  299. signature algorithm MD5withRSA. This is especially useful when you want to use

  300. the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create

  301. signed jars that will be deployed on platforms not supporting SHA256 and

  302. SHA256withRSA.

  303. </p>

  304. <h3>About timestamp signing</h3>

  305. 

  306. <p>Timestamps record the date and time that a signature took place, allowing the signature to be verified as of that point in time.

  307. With trusted timestamping, users can verify that signing occurred before a certificate's expiration or revocation. Without this timestamp, users can only verify the signature as of their current date.</p>

  308. 

  309. <p>

  310. Timestamped JAR files were introduced in Java1.5 and supported in Ant since

  311. Ant 1.7. Since Ant 1.9.5, Ant can use unauthenticated proxies for this signing process.

  312. </p>

  313. 

  314. <p>Common public timestamp authorities include

  315.   <ul>

  316.     <li>http://timestamp.verisign.com</li>

  317. 	<li>http://tsa.starfieldtech.com</li>

  318. 	<li>https://timestamp.geotrust.com/tsa</li>

  319. 	<li>Others (see your certificate authority)</li>

  320.   </ul></p>

  321. 

  322. </body>

  323. </html>
Please read the following content carefully:

Dear OpenI User

Thank you for your continuous support to the Openl Qizhi Community AI Collaboration Platform. In order to protect your usage rights and ensure network security, we updated the Openl Qizhi Community AI Collaboration Platform Usage Agreement in January 2024. The updated agreement specifies that users are prohibited from using intranet penetration tools. After you click "Agree and continue", you can continue to use our services. Thank you for your cooperation and understanding.

For more agreement content, please refer to the《Openl Qizhi Community AI Collaboration Platform Usage Agreement》

Agree and continue
Disagree, exit