How to sign jar using jarsign without providing -storepass?
-
01-06-2021 - |
题
Using jarsign without -storepass will prompt for the keystore password, which will break our automated build (no human intervention)
If we use jarsign with -storepass, then this will effectively log the password in cleartext in the build log.
Is there another way to pass storepass without using the command-line?
解决方案
I wrote a script to call jarsign.
So in the build log, we only see the wrapper script.
Storepass is piped to jarsign so it's not visible on the command-line (as @Perception suggested).
其他提示
If you use Maven you could try with the Jarsigner Plugin. There you could load the storepass from a property defined in your settings.xml
不隶属于 StackOverflow