使用 sign4j 和 jsign 在 ant 中签署 launch4j 可执行文件 [英] Sign a launch4j executable in ant with sign4j and jsign

问题描述

我在 Jar 中有一个应用程序，我用 launch4j 将它包装在一个 exe 中，因此用户很容易启动它(在 Windows 中).我有一个证书，所以我对 jar 进行了签名(我不知道这是否真的有必要，因为它将被包装在 exe 中)并且我想对 exe 进行签名，但它损坏了可执行文件.

I have an application in a Jar and I wrap it in a exe with launch4j so is easy for the user to launch it (in windows). I have a certificate, so I sign the jar (I don't know if this is really necessary because it will be wrapped inside the exe) and I want to sign the exe but it corrupt the executable.

我使用 ant 来完成所有的过程，看起来像:

I use ant to make all the process and look like:

<signjar jar="${jar.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="https://timestamp.geotrust.com/tsa" />

<launch4j configFile="launch4j_configuration.xml" fileversion="${version}.0" txtfileversion="${build}" productversion="${version}.0" txtproductversion="${build}" outfile="${exe.location}" jar="${jar.location}" />

<signexe file="${exe.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="http://timestamp.verisign.com/scripts/timstamp.dll" />

我发现这是因为当您签署 exe 时，它​​破坏了 jar 结构或类似的东西.但是我也看到了launch4j文件夹里面有一个sign4j文件夹，里面有我认为可以解决这个问题的程序.

I have found that is because when you sign the exe it broke the jar structure or something like this. But what I have also seen is that inside the launch4j folder is a sign4j folder that contains what I think is a program that solve this problem.

我现在的问题是这个程序怎么用?以及如何将其集成到 ant 脚本中以对 exe 进行签名?

My problem now is how is used this program? And how can I integrate it in the ant script to sign the exe?

文件夹中的 README.txt 文件对我没有帮助.对不起，如果这很明显但对我来说不清楚.另请注意，我使用的是 Ubuntu.

The README.txt file in the folder doesn't helped to me. Sorry if this so obvious but isn't clear for me. Also note that I'm using Ubuntu.

推荐答案

我发现您必须使用签名命令作为参数来执行 sign4j 命令.类似的东西:

What I have found is that you must execute the sign4j command with the signing command as its argument. Something like:

sign4j jsign -s keyfile.p12 -a "(codesign_1091_es_sw_kpsc)" --storepass AVERYGOODPASSWORD --storetype pkcs12 -n MyProgram -u https://www.example.com MyProgram.exe

因此，要将其集成到 ant 中，您需要创建一个 exec 任务.例如，类似于:

So, to integrate it into ant, you need to create an exec task. For example, something like:

<exec executable="sign4j">
  <arg line="java -jar jsign-1.2.jar -s ${key.file} -a ${key.alias} --storepass ${key.password} --storetype pkcs12 ${exe.location}"/>
</exec>

它也适用于其他签名工具，例如来自 Microsoft 的验证码……

It works also with other signing tools like for example authenticode from Microsoft, too ...

<exec executable="launch4j/sign4j/sign4j.exe">
    <arg line="signtool.exe sign /fd SHA256 /f mycert.pfx /p foobar /t http://timestamp.verisign.com/scripts/timstamp.dll dist\myapp.exe"/>
</exec>

这篇关于使用 sign4j 和 jsign 在 ant 中签署 launch4j 可执行文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！