Signing JAR files is a very good practice. And while a proper certificate is not worth the price and effort, self-signing is still a step in the right direction.
Ever since Java 5 jarsigner supported a Time Stamping Authority (TSA) with the --tsa and --tsacert parameters. A Time Stamping Authority is basically an online digital notary that certifies the point in time the jar was signed -- it is designed to prevent signing files after the certificate expired.
It turns out that while you can sign NetBeans modules using the FAQ steps, there is no support in the build harness for a TSA.
I found bug #243213 which also mentions NBM problems and I submitted a patch there.
So, if you want to also add a timestamp to your NBMs, apply this small patch on top of your NetBeans source repository and rebuild NetBeans.
Then, you just have to define in nbproject/project.properties another key with your TSA (I'm using StartSSL's here):
tsaurl=http://tsa.startssl.com/rfc3161
Ever since Java 5 jarsigner supported a Time Stamping Authority (TSA) with the --tsa and --tsacert parameters. A Time Stamping Authority is basically an online digital notary that certifies the point in time the jar was signed -- it is designed to prevent signing files after the certificate expired.
It turns out that while you can sign NetBeans modules using the FAQ steps, there is no support in the build harness for a TSA.
I found bug #243213 which also mentions NBM problems and I submitted a patch there.
So, if you want to also add a timestamp to your NBMs, apply this small patch on top of your NetBeans source repository and rebuild NetBeans.
Then, you just have to define in nbproject/project.properties another key with your TSA (I'm using StartSSL's here):
tsaurl=http://tsa.startssl.com/rfc3161
No comments:
Post a Comment