In order to avoid adding exceptions to a build when using pack200 signed jars (that should be NOT packed if they have not been -repacked upstream prior to signature) we could do the following test:
% pack200 --repack this.jar
% jarsigner -verify this.jar
If the jar is not verified at that step, then the jar SHOULD NOT be packed or its signature will no verify after pack/unpack.
Log in to post a comment.