How to make an Ant task to sign and pack200 all my JAR files?

java ant compression code-signing pack
neves picture neves · Jul 22, 2010 · Viewed 7.9k times · Source

My JAR files must be signed for a webstart application. It would be nice to also have them packed to minimize the download time. I'm trying to configure an Ant task to automatically do it during the deploy of the application. Since the pack process reorganizes the jar internal structure invalidating the signature, the Pack200 documentation recommends a 3 steps process:

  1. Repack the JAR with pack200
  2. Sign the JAR with jarsigner
  3. Compress JAR jar with pack200 generating an .jar.pack.gz file

Ant has a default signjar task, and Sun published a Pack200 ant task.

The problem is that Sun pack200 task just operate on one file at a time and the repack operation must specify an output file.

I believe it should be a fairly common operation, but my ant file is becoming overly complex and there's too many temporary files. Time to beg for the wisdom of the community:

Is there an easy or, at least, standard way to pack and sign all my JAR files?

Answer

neves picture neves · Aug 18, 2010

Here is my own solution. I've discarded the prebuild ant targets, and decided to run directly the pack200 executable.

This approach has some advantages:

  • it works (jarsigner was failing to verify some jars)
  • no dependencies besides the jdk
  • it doesn't spend a lot of time repacking already repacked jars
  • it can sign and repack the files inline, allowing me to put the signed version under version control. No need to sign twice.

Here is the code of the macro that repack and signs inline:

<macrodef name="repack-and-sign">
    <attribute name ="rootdir"/>
    <sequential>
            <echo message="Repacking libs in @{rootdir}"/>
        <apply executable="pack200" parallel="false">
            <arg value="--repack"/> 
            <arg value="--segment-limit=-1"/> 
            <fileset dir="@{rootdir}" includes="**/*.jar" />
        </apply>

        <echo message="Signing libs in @{rootdir}"/>
        <signjar 
            alias="${keystore.alias}" keystore="${keystore.file}" storepass="${keystore.password}"
            lazy="true">
            <path>
                <fileset dir="@{rootdir}" includes="**/*.jar" />
            </path>
        </signjar>
     </sequential>
</macrodef>

And here is how to pack:

    <apply executable="pack200" parallel="false" dest="${dir.tomcat.jar}">
        <arg value="--modification-time=latest"/>
        <arg value="--deflate-hint=true"/>
        <arg value="--segment-limit=-1"/>
        <targetfile/>
        <srcfile/>
        <fileset dir="${dir.tomcat.jar}" includes="**/*.jar" />
    <mapper type="glob" from="*" to="*.pack.gz" />
    </apply>

Edited to provide a little more info for people that don't know ant so well:

The task above goes before your tags. Inside your tag first put a call to the macro like this so that it first repacks and signs each file:

    <repack-and-sign rootdir="${dir.tomcat.jar}" />

Then follow that with the tag from above. This will do the final packing for each file.

Related questions

Why use Gradle instead of Ant or Maven?

What does another build tool targeted at Java really get me? If you use Gradle over another tool, why?

Read More
Unable to locate tools.jar

I am building a project in Java. I have this error: Unable to locate tools.jar. Expected to find it in C:\Program Files\Java\jre6\lib\tools.jar I have installed a JDK and the folder: C:\Program Files\…

Read More
ant warning: "'includeantruntime' was not set"

I receive the following warning: [javac] build.xml:9: warning: 'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to false for repeatable builds What does this mean?

Read More