Re: [tomcat] branch 10.0.x updated: Enable detached signatures for Windows installer

Thu, 09 Jun 2022 06:32:59 -0700 

On 09/06/2022 14:13, Christopher Schultz wrote:

Mark,

On 6/9/22 06:57, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
      new 07196a3c45 Enable detached signatures for Windows installer
07196a3c45 is described below

commit 07196a3c45fcb3810a5cdf329d4a7f975ec426b3
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Mar 23 12:56:57 2022 +0000

     Enable detached signatures for Windows installer
---
  build.xml | 20 ++++++++++++++++++--
  1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/build.xml b/build.xml
index 2775b73fbc..840ae95ad5 100644
--- a/build.xml
+++ b/build.xml
@@ -2474,8 +2474,13 @@ skip.installer property in build.properties" />
          <include name="*.bmp" />
          <include name="*.ico" />
          <include name="*.xml" />
+        <include name="Uninstall.exe.sig" />
        </fileset>
      </copy>
+    <copy file="res/install-win/tomcat-installer.exe.sig"
+        tofile="${tomcat.release}/v${version}/bin/${final.name}.exe.sig"
+        failonerror="false"
+        quiet="true" />
      <copy file="${nsis.installoptions.dll}" todir="${tomcat.dist}" />
      <copy file="${nsis.nsexec.dll}" todir="${tomcat.dist}" />
      <copy file="${nsis.nsisdl.dll}" todir="${tomcat.dist}" />
@@ -2528,12 +2533,18 @@ skip.installer property in build.properties" />
    <target name="-installer-sign-uninstaller"
        unless="skip.installer" depends="-installer-create-uninstaller,setup-jsign" 
        if="${do.codesigning}">
+    <!-- If the detached signature doesn't exist, this will sign the file    --> +    <!-- and create the detached signature. If the detached signature does   --> +    <!-- exist it will be attached to the file.                              --> 
      <jsign file="${tomcat.dist}/Uninstall.exe"
          storepass="${codesigning.storepass}"
          storetype="${codesigning.storetype}"
          alias="${codesigning.alias}"
          alg="${codesigning.digest}"
-        tsaurl="http://timestamp.digicert.com"/>
+        tsaurl="http://timestamp.digicert.com";
+        detached="true"/>
Is the comment above accurate? This call to <jsign> looks like it should always create a detached signature and will never attach it. 

Yes, the comment is correct.

In short the release process will be:
ant pre-release
ant release
tag
ant release

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to