Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Plugin Development Environment (PDE) » Headless Build, Signed JARs and Timestamps
Headless Build, Signed JARs and Timestamps [message #628727] Thu, 23 September 2010 19:14 Go to next message
James Peltzer is currently offline James PeltzerFriend
Messages: 43
Registered: July 2009
Member
Hi all,
I have a code signing certificate with timestamp support which I require to
sign JARs for my application. I do this because my end-user will not likely
have internet access and is also unlikely to update their software very
frequently. As a result, timetamped signed code is very useful as it will
prevent warnings even after my certificate expires provided that the code
was signed before the expiry.

I notice that the properties file used for the headless build has properties
for the alias, keystore, storepass, and keypass but doesn't seem to provide
a mechanism to specify the timestamp authority URL (the -tsa option in the
jarsigner). Is there any mechanism to use timestamped signatures?

James
Re: Headless Build, Signed JARs and Timestamps [message #631701 is a reply to message #628727] Fri, 08 October 2010 14:02 Go to previous message
James Peltzer is currently offline James PeltzerFriend
Messages: 43
Registered: July 2009
Member
I'll go ahead and reply to myself here. It looks like the best way to do
this is to use the ant "signjar" task.
You would call it from the postAssemble target of your customTargets.xml
file.

I also toyed with the customAssembly.xml figuring the "postJar" task would
be a good spot to do it but found that this task is never getting called.

"James Peltzer" <jpeltzer@hotmail.com> wrote in message
news:i7g8tg$j9n$1@news.eclipse.org...
> Hi all,
> I have a code signing certificate with timestamp support which I require
> to sign JARs for my application. I do this because my end-user will not
> likely have internet access and is also unlikely to update their software
> very frequently. As a result, timetamped signed code is very useful as it
> will prevent warnings even after my certificate expires provided that the
> code was signed before the expiry.
>
> I notice that the properties file used for the headless build has
> properties for the alias, keystore, storepass, and keypass but doesn't
> seem to provide a mechanism to specify the timestamp authority URL
> (the -tsa option in the jarsigner). Is there any mechanism to use
> timestamped signatures?
>
> James
>
>
Previous Topic:Debug Configuration
Next Topic:Open View via Context Menu Action
Goto Forum:
  


Current Time: Wed Nov 26 14:34:00 GMT 2014

Powered by FUDForum. Page generated in 0.01636 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software