| Re: [tycho-user] [tycho-jnlp-plugin] Signing RCP eclipse applications with JDK 1.7 |
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>...path-to-key-file.../sign.p12</keystore>
<alias>...alias...</alias>
<storetype>pkcs12</storetype>
<arguments>
<argument>-sigalg</argument>
<argument>MD5withRSA</argument><argument>-digestalg</argument>
<argument>SHA1</argument>
</arguments>
</configuration>
</plugin>
Hi,
I use tycho to build a Java Web Start application with RCP. Everything
works with JDK 1.6. I updated from JDK 1.6 to JDK 1.7.
Everything builds with JDK 1.7 but an error occurs when I try to execute
the jnlp file from a web server. The error is :
jarsigner: java.lang.SecurityException: invalid SHA1 signature file
digest
I have also this error when I verify the jar signature with 'jarsigner
-verify -verbose -certs /path/to/file.jar'
I found that I should use the option '-digestalg SHA1' for the jarsigner
executable. From JDK 1.6 to JDK 1.7, the default value for the
'-digestalg' option has changed from SHA-1 to SHA256. I tried to
manually sign a jar by adding this option to the jarsigner command line
executed by maven. The signature file seems then correct when I try to
verify it.
I can't find a way to indicate to add this option in my pom.xml file.
According to the source code of JarsignerMojo.java, It does not seem
possible.
Is there a way to add this option to jarsigner command line generated by
tycho ?
Thanks for your help
Guillaume
_______________________________________________
tycho-user mailing list
tycho-user@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/tycho-user
Tonny Madsen