[jira] Commented: (MWEBSTART-1) [webstart] deal with already signed jars

    [ 
http://jira.codehaus.org/browse/MWEBSTART-1?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_85953
 ] 

Ken Geis commented on MWEBSTART-1:
----------------------------------

I'd like to help get unsigning functionality in there.  I downloaded the plugin 
from SVN and tried compiling it.  When running JarUnsignMojoTest, I get this:

Running org.codehaus.mojo.webstart.JarUnsignMojoTest
[debug] keytool executable=[C:\Program Files 
(x86)\Java\jre1.6.0\..\bin\keytool.exe]
[debug] mdkirs: false c:\DOCUME~1\KENGEI~1\LOCALS~1\Temp
[debug] Executing: "C:\Program Files (x86)\Java\jre1.6.0\..\bin\keytool.exe" 
-genkey -dname "CN=CN, OU=OU, L=L, ST=ST, O=O, C=C" -alias test -keypass 123456 
-keystore c:\DOCUME~1\KENGEI~1\LOCALS~1\Temp\keystore -storepass 123456
[warn] 'C:\Program' is not recognized as an internal or external command,
[warn] operable program or batch file.

This is a problem in plexus, and is equivalent to 
http://jira.codehaus.org/browse/MJAR-49.

> [webstart] deal with already signed jars
> ----------------------------------------
>
>                 Key: MWEBSTART-1
>                 URL: http://jira.codehaus.org/browse/MWEBSTART-1
>             Project: Maven 2.x Webstart Plugin
>          Issue Type: New Feature
>            Reporter: Jerome Lacoste
>         Assigned To: Jerome Lacoste
>             Fix For: 1.0-alpha-2
>
>         Attachments: MWEBSTART-1-test.sh
>
>
> There are potential issues when dealing with including such already signed 
> jars in a webstart application.
> In particular see:
> http://jira.codehaus.org/browse/MOJO-7#action_49160
> and the relevant m1 jnlp issues:
> http://jira.codehaus.org/browse/MPJNLP-20
> http://jira.codehaus.org/browse/MPJNLP-28
> According to the feedback I got on the maven user list, I think that, in 
> order to satisfy everybody, we need to:
> - handle already signed jars (MPJNLP-28)
>   - primarily we need the possibility to unsign a jar. That will probably go 
> to jar:unsign.
>   - optionally avoid signing jars that are already signed.
> - optionally clean the Manifest (maven1 jnlp feature, to work around SDK 1.3 
> issue - See MPJNLP-20)
> Did I miss something?
> Now how do we present that to the user?
> We could:
> - assume that every jar will be signed by default
> - let the user list the operation to perform, maybe using something like:
>   <sign>
>     <dname>...</dname>
>     ...
>     <unsign>
>       <dependency>...</dependency>
>     </unsign>
>     <skipSignedJars>true<skipSignedJars>
>     <cleanManifest>true</cleanManifest>
>   </sign>
> Does that look correct?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email