The other day (just when I needed to release some software, and the stakes where high, of course..) I needed to just drop a JAR file on a Tomcat server and the testing could begin…where it not for the fact no one could start the jar file..I’m using a build.xml file with ANT in Eclipse, but the secret is having a good build.xml file 😉 .
When I ran the build file with ant, I got the following error:
Exception in thread “main” java.lang.SecurityException: Invalid signature file digest for Manifest main attributes.
The cause is the library jar files I use in my project (application 😉 ) are having expired keys..I know the need of singing the jar files, but why they expire so soon after the release…that is something I did not expect. I like to have my used libraries packed with my Jar file, so I know for sure the client has them, where I can find them and I know the version of the libraries with each release I do.
However, with a bit of googling I stumbled on this solution, which I didn’t know of before.
In my build file I used this syntax to add the libraries to my ow Jar file:
<zipfileset src="/usr/share/classpath/miglayout-swing.jar" />
But this inlcuded the manifest files of the jar lib. But when using the tip I’ve found and exclude the manifest file like this:
<zipfileset excludes="META-INF/**/*" src="/usr/share/classpath/miglayout-swing.jar" />
The problem is solved!
The other solution I did known of (and is quite a lot of work) is to un-jar all the attached library jar files, re-jar and resign those with my own key and include these..However this is NOT something you would like to do a lot, and I must say the suggestion done above is a lot easier.