Home  About Me  Projects  Resume  Contact

Unsign a JAR with Ant

I was working on the build system today and came across this Ant macro I wrote a while ago. It unsigns a JAR by removing all signatures from the manifest and re-jar'ing it. This is useful if you want to deploy your application via Webstart and want to include all JARs inside one JNLP file, instead of using JNLP extensions for JARs with different signatures. Simply unsign all JARs and then re-sign them with your own signature.

Since there is no straight-forward way to do this in Ant I had to write my own macro. This might come in useful to other people, so I decided to post it: 

<macrodef name="unsignjar">
	
    <attribute name="jar"/>
    	
    <sequential>
	<!-- Remove any existing signatures from a JAR file. -->
	<tempfile prefix="usignjar-" destdir="${java.io.tmpdir}" property="temp.file"/>
        <echo message="Removing signatures from JAR: @{jar}"/>
        <mkdir dir="${temp.file}"/>
	        
        <unjar src="@{jar}" dest="${temp.file}">
            <patternset>
                <include name="**"/>
                <exclude name="META-INF/*.SF"/>
                <exclude name="META-INF/*.DSA"/>
                <exclude name="META-INF/*.RSA"/>
            </patternset>
        </unjar>
	        
        <delete file="@{jar}" failonerror="true"/>
	        
        <!-- Touch it in case the file didn't have a manifest.
             Otherwise the JAR task below will fail if the manifest 
	     file doesn't exist. -->
        <mkdir dir="${temp.file}/META-INF"/>
        <touch file="${temp.file}/META-INF/MANIFEST.MF"/>
	        
        <jar destfile="@{jar}" 
            basedir="${temp.file}" 
            includes="**" 
            manifest="${temp.file}/META-INF/MANIFEST.MF"/>
	        
        <delete dir="${temp.file}" failonerror="true"/>
    </sequential>
</macrodef>

To use the macro:

  <unsignjar jar="/some/location/file.jar"/>
By frank at 2007-04-04 22:23 | | frank's blog | add new comment

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

re-sign many files using a fileset

This is how you would use a fileset in Ant to unsign and then re-sign many JARs: 
<for param="file">
    <path>
        <fileset dir="lib" includes="**/*.jar"/>
    </path>
    <sequential>
        <antcall target="unsignjar">
            <param name="jar" value="@{file}"/>
        </antcall>
        <signjar
            jar="@{file}"
            alias="myalias"
            storepass="mypass"
            keystore="keystore"/>
    </sequential>
</for>
By frank at Thu, 2008-01-10 13:54 | reply

Couldn't make fileset example work

Hi Frank,

Thank you for contributing this.
I couldn't make the fileset example work.
I don't know where to place the "for" tag. Inside a task? Inside another macrodef?
Could you please provide an usage example?

Thanks in advance.

Jonathas

By Jonathas (not verified) at Mon, 2008-08-18 05:03 | reply

use it inside another target

Hi Jonathas, you would use the "for" tag directly inside a target. For example:

<target name="blah">
  <for param="file">
    ...
  </for>
</target>

By frank at Wed, 2008-09-03 08:34 | reply

Thanks!

Hi there,

I ran across this very problem, and this ant task gave me all I needed to handle it.

Thanks very much for a very useful post.

Patrick
--

By Patrick Carroll (not verified) at Thu, 2007-05-17 08:03 | reply

unsign jars in ant

please have a look at http://code.google.com/p/existdb-contrib/wiki/ASOCAT ....

By DiZzZz (not verified) at Thu, 2007-04-19 02:13 | reply