This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Created attachment 119590 [details] screen shot of signing error and output message I am createing new project which works fine with default configuration. But when I select it as web start with self signing, the application does not start. If we look at the output message, it shows the NetBeans is signing only two of the JAR files used in the project instead of all. Not sure why it's happening and due to this I can't deploy them for end user's next patch. It gives error saying "JAR resources in JNLP file are not signed by same certificate". Not sure, if this is some local system issue as I have tried to reinstall java and netbeans on my computer. Any help would be appreaciated. Thanks.
Output Message: Deleting: C:\java\RLStorePOS\build\built-jar.properties deps-jar: Updating property file: C:\java\RLStorePOS\build\built-jar.properties compile: Copy libraries to C:\java\RLStorePOS\dist\lib. Building jar: C:\java\RLStorePOS\dist\RLStorePOS.jar To run this application from the command line without Ant, try: javaws "C:\java\RLStorePOS\dist\launch.jnlp" jnlp: sign-jars: Signing JAR: C:\java\RLStorePOS\dist\RLStorePOS.jar to C:\java\RLStorePOS\dist\RLStorePOS.jar as nb-jws Warning: The signer certificate will expire within six months. Enter Passphrase for keystore: Enter key password for nb-jws: Signing JAR: C:\java\RLStorePOS\dist\lib\mysql-connector-java-5.1.13-bin.jar to C:\java\RLStorePOS\dist\lib\mysql-connector-java-5.1.13-bin.jar as nb-jws Warning: The signer certificate will expire within six months. Enter Passphrase for keystore: Enter key password for nb-jws: Signing JAR: C:\java\RLStorePOS\dist\lib\swing-layout-1.0.4.jar to C:\java\RLStorePOS\dist\lib\swing-layout-1.0.4.jar as nb-jws Warning: The signer certificate will expire within six months. Enter Passphrase for keystore: Enter key password for nb-jws: generate-jnlp: Copying 1 file to C:\java\RLStorePOS\dist Deleting: C:\java\RLStorePOS\dist\launch.jnlp_ generate-html-preview: jar: jws-run: BUILD SUCCESSFUL (total time: 8 seconds)
Why is this assigned to psomol? Seems to me to be a straightforward bug in the javawebstart module: some input JARs are already signed (right?), meaning their signature either needs to be overwritten, or they need to be segregated to their own JNLP subdescriptor.
>Why is this assigned to psomol? Seems to me to be a straightforward bug in the javawebstart module. You have answered it yourself. Because Petr Somol is the webstart and javafx plugins owner. It has nothing in common with generic j2se project.
> Because Petr Somol is the webstart and javafx plugins owner. True. Plus IDE general->UEX. Regarding this issue I understand the problem appears when self-signing is set in both the respective project and the dependent libraries, what leads to generation of separate keys in each of the build processes..
>generation of separate keys in each of the build processes.. Right, this is the problem.
(In reply to comment #3) > Petr Somol is the webstart and javafx plugins owner Sorry, did not realize that. (In reply to comment #4) > generation of separate keys in each of the build processes Could be that, or could be use of third-party libs with their own signatures; report does not contain a test case to tell the difference. In any event, the probable issue is that JNLP only permits one signature to be used for the JARs listed in a given *.jnlp file (though the app may contain multiple *.jnlp). org.netbeans.nbbuild.MakeJNLP (for NBM apps) handles this by automatically segregating JARs with existing signatures; the alternative is to delete the existing signature and resign.
I have checked this with a simple ws project dependent on a simple library, both set to self-signing. The problem is apparently in WS Ant tasks SignJarsTask and GenerateJnlpFileTask. In SignJarsTask the already signed jars are detected, and their signer is attempted to be identified, but this information is then stored as project property and apparently ignored in GenerateJnlpFileTask where it should be used to generate "extension" instead of "jar" element. Moreover, if multiple dependent projects use self-signing, the current mechanism fails to recognize their generated keystores as separate ones. I'll deal with that next week..
Hi Petr Somol, I would like to mention that I have to use only 7.0.1 because any later version (for example 7.1) has discontinued support for few things I need. (WinCE/CreME). Thanks, Vishal
fixed issue 161238 and issue 212668 in jetmain: http://hg.netbeans.org/jet-main/rev/4525d183679f The fix repairs faulty jnlp external component generation and referencing, and improves detection of dependent JARs signed by a different signer. Now if signing is on, dependent JARs are treated as follows: the unsigned ones are signed and referred to by <jar> jnlp element, those signed by a different signer (than that used to sign the main JAR) get external jnlp components and are referred to by <extension> jnlp element, and those signed by a signer of equal name as the main JAR are referred to by <jar> element. In case of self-signing each generated signer used to be named "nb-jws" before the fix, what led to problems with recognizing the need to use external jnlp components instead of direct <jar> reference. Now self-signing generates a signer name dependent on the name of the project. The fix will appear in NB 7.2, but I am afraid, Vishal, we are unable to backport it to 7.0.x codebase.
Integrated into 'main-golden', will be available in build *201205230300* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main-golden/rev/4525d183679f User: Petr Somol <psomol@netbeans.org> Log: #161238 and #212668 correct external jnlp components for differently signed jars