How do I sign the JAR files again?


How do I sign the JAR files again?

by Jason Smith-11

Hey, can anyone help me out here?  I'm building from SVN, and the build does not seem to be signing the JAR files.  I even tried "build -f build/scripts/jarsigner.xml" before a "dist-war".  Nothing doing.  "exist.jar" doesn't contain any signature information.

So here is how I am building right now:
>build
>build dist-war

There used to be an extra step to sign the JAR files, but it looks like that has been included in the ANT script.  What am I missing?

Thanks!  I'd like to get this working before the release.

Jason Smith
________________________________________
From: Jason Smith [jsmith@...]
Sent: Tuesday, November 10, 2009 12:41 PM
To: exist-open@...
Subject: Re: [Exist-open] New RC release?

I just built from /trunk and my custom code badly broke because someone else has mapped /services to Apache Axis, apparently.  It gives me a nice SOAPy error message.  I can fix it, but it worked fine with 1.4rc-rev10028.

This is a pretty major change from 1.4rc.  There are BIG new features in /trunk that weren't in 1.4rc.  The reason you would put out an RC is so that people have a chance to evaluate what you have before you commit to the release version.  What you have, right now, is significantly different from 1.4rc.  There are all kinds of opportunities to break things.

I'm not suggesting that you stop all development while this is going on.  By all means, create a branch, drop an RC, and see what happens.  If this code is stable (as we hope), you release exactly what you branched a couple of weeks earlier.  If something significant pops up, you have a chance to fix it before it goes live.  The additional time merely gives you an extra chance to evaluate and accept or reject any bug reports that come in.

And for the record, there are those of us who aren't a lot of companies and who actually try out new releases as they come out.  :-)   I run a couple of hundred (and growing) automated tests against eXist in testing my application, built on eXist.  I spend a fair amount of time reading your source code.  There are a couple of other guys here that do the same with different kinds of tests.

We'd like a chance to help you evaluate the 1.4 release before it becomes a release.  The better your release, the better our software looks.  Yes, it's selfish philanthropy.

Jason Smith
________________________________________
From: Wolfgang Meier [wolfgang@...]
Sent: Tuesday, November 10, 2009 12:04 PM
To: Jason Smith
Cc: Exist Open ML
Subject: Re: [Exist-open] New RC release?

> +1 on the RC as opposed to a 1.4 final release.  Given the number of changes since the RC, the
> codebase can't be called "stable" at that point.

Personally, I hate final releases and I always have to be forced to
make a cut ;-)

However, I spent the past 4 weeks to get the release stable. I worked
through all issues I had flagged as critical and all major problems
which were reported since the release candidate have been fixed. I
have been very careful not to accept changes which could really
destabilize eXist's core. I rejected a few commits or postponed
missing features. The new features which I let pass are outside
eXist's core (the XSLT code is not even integrated in any way and I
checked every single commit in other areas).

I would thus say it is very unlikely that the trunk will be more
stable in a few weeks than it is now.  It is a huge amount of work to
coordinate a release like this. Right now, most stuff has been tested
over and over again. It will be difficult to repeat this procedure.

Finally, I think it is very important that users start the migration
from 1.2 to 1.4 now. The new release fixes some very critical issues
which repeatedly led to serious problems in the past. I can't really
recommend to continue with 1.2 (unless you are sure you'll never hit
the problematic features).

> But please don't release before we, the eXist user community, have had a chance to test this one last time, in a state that you deem to be stable and ready to release.

I think this is somehow a hen and egg problem: a lot of companies will
not start their own test procedures before the final release is out. I
understand they want a fixed, non-changing version to test against and
they have been asking me for a stable release since months. Well,
fortunately, not just a few users are also running SVN trunk in
production. Those are the ones who start crying immediately if
something serious is broken.

If the community really wants it, I'm ready to relabel the release to
RC2 and will communicate that. Personally, I think the current 1.4
will definitely be better than any release before, even if we find
that 1.4.1 has to follow soon.

Wolfgang
_______________________________________________
Exist-open mailing list
Exist-open@...
https://lists.sourceforge.net/lists/listinfo/exist-open

Re: How do I sign the JAR files again?

by Loren Cahlander

You can always do a build -p to find all of the build targets.   I use the jnlp-sign-all target.

$ ./build.sh -p
Starting Ant...

Buildfile: build.xml
eXist Open Source Native XML Database
Main targets:

 all                            Build all
 clean                          Cleanup
 clean-all                      Cleanup deeper
 compile                        Compiles the source code
 compile-tomcat-realm           Compile the Tomcat realm
 dist-tgz                       Create dist-tgz
 dist-war                       Create war file
 dist-zip                       Create dist-zip
 download-additional-jars       Download optional third-party jar files.
 download-xqts                  Download XQTS file.
 eXist XQuery Parser.all        do all
 eXist XQuery Parser.clean      clean up
 eXist XQuery Parser.clean-all  clean harder
 eXist XQuery Parser.compile    compile
 eXist XQuery Parser.javadocs   generate documentation
 installer                      Create installer
 installer-exe                  Create .exe from installer
 jar                            Create eXist unsigned jar files
 javadocs                       Create javadoc
 jdepend                        Run jdepend
 jetty-keygen                   Generate keystore for jetty.
 jnlp-clean                     Delete new files.
 jnlp-keygen                    Generate keystore for signing jars.
 jnlp-pack200                   Pack all jar files.
 jnlp-sign-all                  Sign all jar files.
 jnlp-sign-core                 Sign all CORE jar files.
 jnlp-sign-exist                Sign all EXIST jar files.
 jnlp-unsign-all                Unsign all jar files.
 pmd                            Run PMD
 rebuild                        Rebuild all
 samples                        Build samples
 snapshot-installer             Create snapshot installer
 svn-diff                       Make patch.
 svn-download                   Download latest SVN library.
 svn-update                     Update project from SubVersion archive.
 test                           Run jUnit tests
Default target: all




Re: How do I sign the JAR files again?

by Jason Smith-11

Okay, I think there may be a bug in the build.
 
"dist-war" depends on "webapps" which depends on "jar".  "jar" rebuilds exist.jar, start.jar, etc. 
 
Let me illustrate.  Even if I specify that the exist files should be signed, the "dist-war" target comes along and rebuilds them. 
 
Is this a bug, or am I doing something incorrectly?  I was able to get this to sign and distribute only by removing the dependency on target "jar" temporarily. 
 
C:\workspace\exist\trunk\eXist>build jnlp-sign-exist dist-war
eXist Build
-------------------
JAVA_HOME=c:\apps\jdk1.6.0
EXIST_HOME=C:\workspace\exist\trunk\eXist
_LIBJARS=C:\apps\Documentum\dctm.jar;C:\Documentum\config;C:\workspace\exist\trunk\eXist\tools\ant\lib\ant-launcher.jar;C:\workspace\exist\trunk\eXist\tools\ant\lib\junit-4.5.jar;c:\apps\jdk1.6.0\lib\tools.jar
Starting Ant...
ECHO is off.
Buildfile: build.xml
jnlp-prepare:
jnlp-keygen:
jnlp-sign-exist:
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\exist-fluent.jar to C:\workspace\exist\trunk\eXist\exist-fluent.jar as exist
  [signjar] Enter Passphrase for keystore:
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\exist-optional.jar to C:\workspace\exist\trunk\eXist\exist-optional.jar as exist
  [signjar] Enter Passphrase for keystore:
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\exist.jar to C:\workspace\exist\trunk\eXist\exist.jar as exist
  [signjar] Enter Passphrase for keystore:
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\start.jar to C:\workspace\exist\trunk\eXist\start.jar as exist
  [signjar] Enter Passphrase for keystore:
svn-prepare:
prepare:
     [echo] -------------------------
     [echo] eXist 1.4.0 build
     [echo] -------------------------
     [echo] SVN revision 0000
     [echo]
     [echo] Apache Ant version 1.7.1 compiled on June 27 2008
     [echo] -------------------------
     [echo]
     [echo] basedir=C:\workspace\exist\trunk\eXist
     [copy] Copying 1 file to C:\workspace\exist\trunk\eXist\webapp
     [copy] Copying 1 file to C:\workspace\exist\trunk\eXist\webapp\xquery
compile:
     [echo] Compiling with Java 1.6 from 1.5 source to 1.5 target, debug on, optimize on, deprecation off
compile-tomcat-realm:
     [echo] Compiling Tomcat Realm  with Java 1.6 from 1.5 source to 1.5 target, debug on, optimize on, deprecation off
jar:
     [copy] Copying 1 file to C:\workspace\exist\trunk\eXist\build\classes\org\exist
     [echo] Creating exist.jar ...
      [jar] Building jar: C:\workspace\exist\trunk\eXist\exist.jar
     [echo] Creating start.jar ...
      [jar] Building jar: C:\workspace\exist\trunk\eXist\start.jar
     [echo] Creating exist-optional.jar ...
      [jar] Building jar: C:\workspace\exist\trunk\eXist\exist-optional.jar
webapps:
dist-war:
      [war] Building war: C:\workspace\exist\trunk\eXist\dist\exist-1.4.0-rev0000.war
BUILD SUCCESSFUL
Total time: 14 seconds
 
 

Jason Smith

 


Re: How do I sign the JAR files again?

by Wolfgang Meier-2

> Let me illustrate.  Even if I specify that the exist files should be signed,
> the "dist-war" target comes along and rebuilds them.

This is bad indeed. "dist-war" should not rebuild the jars. Ok, this
means I need to upload another build. I hope it's the last one now.

Wolfgang
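
The ordering problem reported in this thread (JARs signed first, then rebuilt unsigned before the WAR is packaged) can be caught mechanically from the Ant output. The following is an added example, not part of the original messages or of the eXist build: a Python script that replays the log lines quoted above (abridged) and reports which JARs still carry a signature at the moment each WAR is built. The function name audit_ant_log and the report layout are hypothetical.

```python
import ntpath
import re

# Lines taken from the Ant output quoted in the thread, abridged to the
# signing, jar and war steps (passphrase prompts and echo banner omitted).
ANT_LOG = r"""
jnlp-sign-exist:
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\exist-fluent.jar to C:\workspace\exist\trunk\eXist\exist-fluent.jar as exist
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\exist-optional.jar to C:\workspace\exist\trunk\eXist\exist-optional.jar as exist
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\exist.jar to C:\workspace\exist\trunk\eXist\exist.jar as exist
  [signjar] Signing JAR: C:\workspace\exist\trunk\eXist\start.jar to C:\workspace\exist\trunk\eXist\start.jar as exist
jar:
     [echo] Creating exist.jar ...
      [jar] Building jar: C:\workspace\exist\trunk\eXist\exist.jar
     [echo] Creating start.jar ...
      [jar] Building jar: C:\workspace\exist\trunk\eXist\start.jar
     [echo] Creating exist-optional.jar ...
      [jar] Building jar: C:\workspace\exist\trunk\eXist\exist-optional.jar
webapps:
dist-war:
      [war] Building war: C:\workspace\exist\trunk\eXist\dist\exist-1.4.0-rev0000.war
"""

TARGET = re.compile(r"^(\S+):$")                       # e.g. "jar:"
SIGNED = re.compile(r"\[signjar\] Signing JAR: .+? to (.+?) as \S+$")
BUILT = re.compile(r"\[jar\] Building jar: (.+)$")
PACKED = re.compile(r"\[war\] Building war: (.+)$")


def audit_ant_log(text):
    """Replay an Ant log and, for every WAR built, list the JARs whose last
    write was a signing step and those rebuilt (unsigned) after signing."""
    last = {}            # normalized jar path -> ("signed" | "built", target)
    was_signed = set()   # jars that were signed at some earlier point
    target = None
    reports = []
    for raw in text.splitlines():
        raw = raw.rstrip()
        line = raw.strip()
        if (m := TARGET.match(raw)):
            target = m.group(1)
        elif (m := SIGNED.search(line)):
            key = ntpath.normcase(m.group(1))   # Windows paths: ignore case
            last[key] = ("signed", target)
            was_signed.add(key)
        elif (m := BUILT.search(line)):
            # The [jar] task writes a fresh archive, discarding any signature.
            last[ntpath.normcase(m.group(1))] = ("built", target)
        elif (m := PACKED.search(line)):
            reports.append({
                "war": ntpath.basename(m.group(1)),
                "signed": sorted(ntpath.basename(k)
                                 for k, (s, _) in last.items() if s == "signed"),
                "overwritten": sorted((ntpath.basename(k), t)
                                      for k, (s, t) in last.items()
                                      if s == "built" and k in was_signed),
            })
    return reports


if __name__ == "__main__":
    for report in audit_ant_log(ANT_LOG):
        print(report["war"])
        print("  still signed:", ", ".join(report["signed"]) or "(none)")
        for jar, tgt in report["overwritten"]:
            print(f"  signature lost: {jar} (rebuilt by target '{tgt}')")
```

The log audit only shows build ordering; running jarsigner -verify against the JARs actually shipped in the WAR remains the authoritative check.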
