jarsigner 在 java 中不工作,因此构建失败
jarsigner is not working in java , therefor the build fails
jarsigner 在 java 中不工作,因此构建失败
[signjar] jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall an HTTP or HTTPS proxy may need to be specified. Supply the following options to jarsigner:
[signjar] -J-Dhttp.proxyHost=<hostname>
[signjar] -J-Dhttp.proxyPort=<portnumber>
[signjar] or
[signjar] -J-Dhttps.proxyHost=<hostname>
[signjar] -J-Dhttps.proxyPort=<portnumber>
项目构建路径没有错误。所有依赖项都导入到构建路径中。
这是我理解的问题:
- 您正在尝试使用 Ant“build.xml”文件构建项目。
- 您正在从 Eclipse 中运行构建。
- 您正在 运行在无法访问 Internet 的 VM 中使用 Eclipse。
- 当
jarsigner 尝试与时间戳授权机构 (TSA) 对话时,在 JAR 签名期间构建失败。需要 Internet 访问才能与 TSA 交谈。
Also I am not sure why is this error encountered.
这是因为你正在尝试使用签名时间戳,和你的构建系统没有直接的互联网访问,和您没有以适当的方式提供 http 或 https 代理供 jarsigner 使用。
有几种方法可以解决这个问题。 (以下是根据文档,我没有测试过。)
如果您有可用的互联网代理:
最简单的方法是编辑“build.xml”中的“signjar”任务并添加“tsaproxyhost”和“tsaproxyport”属性,如Ant manual中所述。
如果您在命令行1 上构建,您应该能够按照 Proxy Configuration 的 Ant 说明进行操作。 (有两种做法...)
如果您 运行 使用 Eclipse 构建,那么您可以找到用于 运行 Ant 的 Eclipse“运行ner”配置,然后按照上一个项目符号添加命令行。
(我认为关于 -J-D... 选项的错误消息来自 jarsigner 实用程序本身。该建议仅在您 运行ning jarsigner 直接从命令行。当然,这是另一种选择。)
如果您没有可用的代理(或者您受够了),另一种选择是编辑“signjar”任务以禁用签名。删除“tsaurl”和“tsacert”属性应该可以做到。
禁用时间戳将为您提供一个没有签名时间戳的签名 JAR。 Oracle Signature Timestamp Support 文档解释了其重要性:
"Prior to J2SE 5.0, the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available, systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires, systems/deployers conclude that the signature, and hence, the JAR file, has expired. Because signing certificates typically expire annually, this caused customers significant problems by forcing them to re-sign deployed JAR files annually.
Starting in J2SE 5.0, jarsigner can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information."
1 - 我建议您下载并安装一个独立的 Ant,这样您就可以 运行 从命令行构建。
jarsigner 在 java 中不工作,因此构建失败
[signjar] jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall an HTTP or HTTPS proxy may need to be specified. Supply the following options to jarsigner:
[signjar] -J-Dhttp.proxyHost=<hostname>
[signjar] -J-Dhttp.proxyPort=<portnumber>
[signjar] or
[signjar] -J-Dhttps.proxyHost=<hostname>
[signjar] -J-Dhttps.proxyPort=<portnumber>
项目构建路径没有错误。所有依赖项都导入到构建路径中。
这是我理解的问题:
- 您正在尝试使用 Ant“build.xml”文件构建项目。
- 您正在从 Eclipse 中运行构建。
- 您正在 运行在无法访问 Internet 的 VM 中使用 Eclipse。
- 当
jarsigner尝试与时间戳授权机构 (TSA) 对话时,在 JAR 签名期间构建失败。需要 Internet 访问才能与 TSA 交谈。
Also I am not sure why is this error encountered.
这是因为你正在尝试使用签名时间戳,和你的构建系统没有直接的互联网访问,和您没有以适当的方式提供 http 或 https 代理供 jarsigner 使用。
有几种方法可以解决这个问题。 (以下是根据文档,我没有测试过。)
如果您有可用的互联网代理:
最简单的方法是编辑“build.xml”中的“signjar”任务并添加“tsaproxyhost”和“tsaproxyport”属性,如Ant manual中所述。
如果您在命令行1 上构建,您应该能够按照 Proxy Configuration 的 Ant 说明进行操作。 (有两种做法...)
如果您 运行 使用 Eclipse 构建,那么您可以找到用于 运行 Ant 的 Eclipse“运行ner”配置,然后按照上一个项目符号添加命令行。
(我认为关于 -J-D... 选项的错误消息来自 jarsigner 实用程序本身。该建议仅在您 运行ning jarsigner 直接从命令行。当然,这是另一种选择。)
如果您没有可用的代理(或者您受够了),另一种选择是编辑“signjar”任务以禁用签名。删除“tsaurl”和“tsacert”属性应该可以做到。
禁用时间戳将为您提供一个没有签名时间戳的签名 JAR。 Oracle Signature Timestamp Support 文档解释了其重要性:
"Prior to J2SE 5.0, the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available, systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires, systems/deployers conclude that the signature, and hence, the JAR file, has expired. Because signing certificates typically expire annually, this caused customers significant problems by forcing them to re-sign deployed JAR files annually.
Starting in J2SE 5.0, jarsigner can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information."
1 - 我建议您下载并安装一个独立的 Ant,这样您就可以 运行 从命令行构建。