jarsigner and jar bizarreness

I am using Java 1.4.2_02-b03 on Windows (2000) and experience the following very strange behaviour, when trying to jarsign some archives to be used for Webstart…

Suppose the classes are in a folder named “packagename”.

Method A) Pack the JAR file with the following command:

jar -cf App.jar packagename

jar -tf App.jar
packagename/Mainclass.class
packagename/subpackage/
packagename/subpackage/Another.class

Now jarsign it and and verify it. Results in this report:

jarsigner -verify App.jar
Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -verbose to list unsigned entries.

jarsigner -verify App.jar
smk   1023 Wed Feb 25 22:30:18 CET 2004 packagename/Mainclass.class
         0 Wed Feb 25 22:29:44 CET 2004 packagename/subpackage/
smk   1972 Wed Feb 25 22:37:42 CET 2004 packagename/subpackage/Another.class

Method B) Pack the JAR file with the following command:

jar -cf App.jar packagename/*

jar -tf App.jar
packagename/Mainclass.class
packagename/subpackage/Another.class

Now jarsign it and verify it: everything is fine!

So the additional empty package names (=folders) in the JAR file of case A) cause the trouble? Why?

When I use the “-C” command for packing a JAR file, the folder names are always being included, and so the jarsigning fails.

Would anybody who use Webstart JARs successfully like to test the following (takes less than 30 secs ?

• jar -cf Test.jar a_small_folder

• jarsigner Test.jar Yourkey

• jarsigner -verify Test.jar

Does it report an error then?

{Edit: Corrected from jarsign to jarsigner :-}

Presumably you mean “jarsigner” not “jarsign”. If so, it works fine for me. No errors reported.

Kev

[quote]Presumably you mean “jarsigner” not “jarsign”.
[/quote]
Yes, you’re right. Edited.

[quote]If so, it works fine for me. No errors reported.
[/quote]
Interesting…

With JDK v1.4.2 I get the message:[quote]
Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -ver
bose to list unsigned entries.
[/quote]
This means just the folder entries (taking 0 bytes). I’ve just emptied the enire Webstart cache (manually) and tried to load my so signed JAR from Web and this time it worked (despite the above quoted “jarsigner -verify” message…)

Well well… verstehe wer will.

Sigh, problem solved by installing the newest Java 1.4.2_04 version…

Changelog states :
…
4931281 Regression: jarsigner fails to verify the jar files
…

Now everything works fine.

And now it’s there again.
The installation of the mentioned new Java version solved the problem for some time.

I guess I am the only one with that problem…?
(But hey, as my quoted Java 1.4.2_04 changelog shows, it solved the bug I’ve been seeing; so there has been a problem…)

How many versions of java do you have installed? Are you sure it’s using the correct one?

Have you installed the 1.5 beta? Because the last time I checked it I had problems with jarsigner.

Apart from that I don’t really have any ideas

Will.

[quote]How many versions of java do you have installed? Are you sure it’s using the correct one?

Have you installed the 1.5 beta? Because the last time I checked it I had problems with jarsigner.

Apart from that I don’t really have any ideas
[/quote]
Will, thanks for your reply. It helped my a lot - indirectly.

I’m using one Java version, the latest release version of Java 1.4.2. However since the jarsigner problem has been removed with this version I made some further tests now (because I know it worked some weeks ago) and now I found the problem:
In case there’s a single file with non Ascii chars in its filename, which you include into your jar file, the command “jarsigner -verify bla.jar” fails, and so does Webstart.
Is this a Jar bug? OK, it’s a not a big problem to avoid non-ascii chars in files to be included with your Webstart jar file, but because no error is being printed when you pack the jar file, it can cause some time to find the problem…