Headless Build, Signed JARs and Timestamps [message #628727] |
Thu, 23 September 2010 15:14  |
Eclipse User |
|
|
|
Hi all,
I have a code signing certificate with timestamp support which I require to
sign JARs for my application. I do this because my end-user will not likely
have internet access and is also unlikely to update their software very
frequently. As a result, timetamped signed code is very useful as it will
prevent warnings even after my certificate expires provided that the code
was signed before the expiry.
I notice that the properties file used for the headless build has properties
for the alias, keystore, storepass, and keypass but doesn't seem to provide
a mechanism to specify the timestamp authority URL (the -tsa option in the
jarsigner). Is there any mechanism to use timestamped signatures?
James
|
|
|
Re: Headless Build, Signed JARs and Timestamps [message #631701 is a reply to message #628727] |
Fri, 08 October 2010 10:02  |
Eclipse User |
|
|
|
I'll go ahead and reply to myself here. It looks like the best way to do
this is to use the ant "signjar" task.
You would call it from the postAssemble target of your customTargets.xml
file.
I also toyed with the customAssembly.xml figuring the "postJar" task would
be a good spot to do it but found that this task is never getting called.
"James Peltzer" <jpeltzer@hotmail.com> wrote in message
news:i7g8tg$j9n$1@news.eclipse.org...
> Hi all,
> I have a code signing certificate with timestamp support which I require
> to sign JARs for my application. I do this because my end-user will not
> likely have internet access and is also unlikely to update their software
> very frequently. As a result, timetamped signed code is very useful as it
> will prevent warnings even after my certificate expires provided that the
> code was signed before the expiry.
>
> I notice that the properties file used for the headless build has
> properties for the alias, keystore, storepass, and keypass but doesn't
> seem to provide a mechanism to specify the timestamp authority URL
> (the -tsa option in the jarsigner). Is there any mechanism to use
> timestamped signatures?
>
> James
>
>
|
|
|
Powered by
FUDForum. Page generated in 0.03575 seconds