jpkg should be able to sign an existing module file
sean.mullan at oracle.com
Fri Apr 22 13:04:53 PDT 2011
Currently, jpkg can create a signed module file from a module library, but it
cannot take an existing module file and apply a signature to it. That's an
important use case that is missing, and being able to separate these tasks is
essential in situations where the signing needs to be done independently or by
some other entity. For example, the signing key may reside on a different
machine, or the signer may be in a different organization, etc.
In fact, I would like to make an argument that we should only support the latter
case, that is that jpkg --sign only applies to existing module files. In other
words, signing a file is a 2 step process, first you run "jpkg ...
<module_name>" to create the module file, then you run "jpkg --sign ...
<module_file>" to apply a signature to it. This would also simplify the jpkg
CLI, as there would be fewer options to parse when signing and breaking them up
into subcommands makes it easier to understand.
More information about the jigsaw-dev