[
https://jira.codehaus.org/browse/MSHARED-314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tony Chemit updated MSHARED-314:
--------------------------------
Summary: Unsigning a jar is not correct (was: Unsign jar still have some
signatures in the manisfest)
> Unsigning a jar is not correct
> ------------------------------
>
> Key: MSHARED-314
> URL: https://jira.codehaus.org/browse/MSHARED-314
> Project: Maven Shared Components
> Issue Type: Bug
> Components: maven-jarsigner
> Affects Versions: maven-jarsigner-1.2
> Reporter: Tony Chemit
> Assignee: Tony Chemit
> Fix For: maven-jarsigner-1.3
>
>
> when unsigning a jar, we must remove of the signatures files from the
> META-INF package + remove any signing attributes (like SHA1-DIGEST ones).
> The problem occurs in fact when a jar was signed by jdk6, unsign it, then
> resign it with a jdk7.
> since the digest algorithm since jdk7 is no more the same, we still have some
> entry in the manifest which does not match the effective signing...
> the best way to remove this is just to clean the manisfest file.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
