Uploaded image for project: 'Maven Shared Components'
  1. Maven Shared Components
  2. MSHARED-314

Unsigning a jar is not correct

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • maven-jarsigner-1.2
    • maven-jarsigner-1.3
    • maven-jarsigner
    • None

    Description

      when unsigning a jar, we must remove of the signatures files from the META-INF package + remove any signing attributes (like SHA1-DIGEST ones).

      The problem occurs in fact when a jar was signed by jdk6, unsign it, then resign it with a jdk7.

      since the digest algorithm since jdk7 is no more the same, we still have some entry in the manifest which does not match the effective signing...

      the best way to remove this is just to clean the manisfest file.

      Attachments

        Issue Links

          is depended upon by

          Bug - A problem which impairs or prevents the functions of the product. MJARSIGNER-21 jars signed using Java 7 have "invalid SHA1 signature"

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              tchemit Tony Chemit
              tchemit Tony Chemit
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: