ritschwumm / xsbt-webstart Goto Github PK
View Code? Open in Web Editor NEWA Webstart plugin for sbt
License: BSD 2-Clause "Simplified" License
A Webstart plugin for sbt
License: BSD 2-Clause "Simplified" License
!!! this project is obsolete !!! A Webstart plugin for sbt At the moment, this is only a rough draft, just enough to get my own projects running. Let me know what you think. To build this code, get and install SBT from https://github.com/sbt/sbt Get and install these plugins before building: https://github.com/ritschwumm/xsbt-util https://github.com/ritschwumm/xsbt-classpath Build and publish the plugin: git clone [email protected]:ritschwumm/xsbt-webstart.git cd xsbt-webstart sbt publish-local Add the plugin to your project in project/plugins.sbt: addSbtPlugin("de.djini" % "xsbt-webstart" % <version>) Include the plugin in your project's build.sbt: webstartGenConfig := Some(GenConfig( dname = "CN=Snake Oil, OU=An Anonymous Hacker, O=Bad Guys Inc., L=Bielefeld, ST=33641, C=DE", validity = 365 )) webstartKeyConfig := Some(KeyConfig( keyStore = file("my/keyStore"), storePass = "password", alias = "alias", keyPass = "password" )) webstartJnlpConfigs := Seq(JnlpConfig( fileName = "my.jnlp", descriptor = (fileName:String, assets:Seq[JnlpAsset]) => { <jnlp spec="6.0+" codebase="$$codebase" href={fileName}> <information> <title>My Title</title> <vendor>My Company</vendor> <description>My Webstart Project</description> <icon href="my_icon.png"/> <icon href="my_splash.png" kind="splash"/> </information> <security> <all-permissions/> </security> <resources> <j2se version="1.8+" max-heap-size="192m"/> { assets map { _.toElem } } </resources> <application-desc main-class="my.Main"/> </jnlp> } )) /* on osx this file must contain the line Permissions: all-permissions or the java security settings cannot be set to "very high" */ webstartManifest := Some(file("path/to/MANIFEST.MF")) Once set up you can use the following tasks in sbt: webstart creates a directory with a JNLP file and all necessary jar files webstartKeygen creates a keyStore, fails if it already exists
Right now to use this plugin in a project one has to build it (and its dependencies) and install locally, or (in case of a team) to some private repository. This is ugly and painful - and raises the threshold for adoption.
Publishing to bintray or Sonatype is relatively straightforward, and will save your users a lot of trouble.
Currently the jars are signed in-place in webstartBuildDir
. If we get an error, the webstart
task fails, but the jar itself remains in webstartBuildDir
, unsigned. On the next webstart
launch it is considered signed, and can get into the resulting artifact.
A simple solution for this would be to either remove the jar if sign or verification fail, or to sign and verify it in a temporary file, and only copy the result to webstartBuildDir
once we know it is valid.
This is prompted by AdoptOpenJDK/IcedTea-Web#573. Apparently, IcedTea-Web "loses" jars from the classpath if they have been downloaded from a URL that includes escaped characters. This is obviously an IcedTea-Web's bug, but waiting until it is fixed, and until everyone involved upgrades, would take ages, so I think we should include a workaround in this plugin.
At the very least, we can factor out this part of code as a separate setting (e.g. webstart / mappings
):
Better yet, we can get rid of any non-unreserved characters in the file names. I don't think that would break anyone's code - I'm yet to see anyone use a JAR with non-ASCII name - but the proposed webstart / mappings
setting should at least make it possible for them to find a workaround if that happens.
Hi, do you have any plans to update the plugin for sbt 0.11.0? Thanks.
sbt package leaves useful metadata in the project jar (Implementation-Vendor, Implementation-Title, and especially Implementation-Version). none of this is present in the jar built by the webstart task. it would be really nice to have these (mostly to support package.getImplementationVersion)
We've had to update our code signing certificate recently, and some of the previously signed JARs were not re-signed after this (because they haven't changed), leading to a botched application. It'd be nice if the caching logic considered webstartKeyConfig
and the mentioned store file as one of the inputs, and invalidated the existing signed files when those changed.
The URL listed under "Build and publish the plugin" has a typo in the clone URL,
[email protected]:ritschwumm/xstb-webstart.git
instead of
[email protected]:ritschwumm/xsbt-webstart.git
some more explanation about what you plugin is and what you can do with it would be helpful.
By default jarsigner warns about some problems, but doesn't treat them as warnings. For example, I've recently found that the root certificate for the TSA service I use is no longer in the standard cacerts file. However jarsigner verification and, consequently, xsbt-webstart
, don't raise an error.
It should be possible to specify the -strict
jarsigner option for verification. This can be exposed in the SBT API as either a separate Boolean
setting, or as a Seq[String]
setting with custom jarsigner options.
using -tsa argument to jarsigner
Hi,
the project's README claims this project to be "obsolete". What does this mean?
At least in certain environments Webstart deployments are still needed. Perhaps you can clarify why and in which way this project is "obsolete".
Best regards,
Dirk
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.