Sign a launch4j executable in ant with sign4j and jsign

StackOverflow https://stackoverflow.com/questions/22325009

  •  12-06-2023
  •  | 
  •  

Question

I have an application in a Jar and I wrap it in a exe with launch4j so is easy for the user to launch it (in windows). I have a certificate, so I sign the jar (I don't know if this is really necessary because it will be wrapped inside the exe) and I want to sign the exe but it corrupt the executable.

I use ant to make all the process and look like:

<signjar jar="${jar.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="https://timestamp.geotrust.com/tsa" />

<launch4j configFile="launch4j_configuration.xml" fileversion="${version}.0" txtfileversion="${build}" productversion="${version}.0" txtproductversion="${build}" outfile="${exe.location}" jar="${jar.location}" />

<signexe file="${exe.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="http://timestamp.verisign.com/scripts/timstamp.dll" />

I have found that is because when you sign the exe it broke the jar structure or something like this. But what I have also seen is that inside the launch4j folder is a sign4j folder that contains what I think is a program that solve this problem.

My problem now is how is used this program? And how can I integrate it in the ant script to sign the exe?

The README.txt file in the folder doesn't helped to me. Sorry if this so obvious but isn't clear for me. Also note that I'm using Ubuntu.

Was it helpful?

Solution

What I have found is that you must execute the sign4j command with the signing command as its argument. Something like:

sign4j jsign -s keyfile.p12 -a "(codesign_1091_es_sw_kpsc)" --storepass AVERYGOODPASSWORD --storetype pkcs12 -n MyProgram -u https://www.example.com MyProgram.exe

So, to integrate it into ant, you need to create an exec task. For example, something like:

<exec executable="sign4j">
  <arg line="java -jar jsign-1.2.jar -s ${key.file} -a ${key.alias} --storepass ${key.password} --storetype pkcs12 ${exe.location}"/>
</exec>

It works also with other signing tools like for example authenticode from Microsoft, too ...

<exec executable="launch4j/sign4j/sign4j.exe">
    <arg line="signtool.exe sign /fd SHA256 /f mycert.pfx /p foobar /t http://timestamp.verisign.com/scripts/timstamp.dll dist\myapp.exe"/>
</exec>

OTHER TIPS

I use ant target as below to sign exe generated out of a jar file

<target name="signexe" depends="createExe" description="Signing Exe">
   <exec executable="C:\Tools\Launch4j\sign4j\sign4j.exe">
        <arg line="java -jar C:\3rdParty\jsign\jsign-3.1.jar
        --keystore ${keystore.location} --alias ${key.alias} --storepass ${store.password}
        --name 'Application Name'
        --tsaurl http://timestamp.verisign.com/scripts/timstamp.dll
         AppLauncher.exe"/>
    </exec>
</target>

This issue can be solved by setting the main class in the launch4j configuration:

<classPath>
  <mainClass>org.acme.Main</mainClass>
</classPath>

See the related Jsign issue for more info: https://github.com/ebourg/jsign/issues/80

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top