Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency net.jsign:jsign-maven-plugin to v7 #645

Merged
merged 1 commit into from
Jan 16, 2025
Merged

Update dependency net.jsign:jsign-maven-plugin to v7 #645

merged 1 commit into from
Jan 16, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 16, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
net.jsign:jsign-maven-plugin (source) 6.0 -> 7.0 age adoption passing confidence

Release Notes

ebourg/jsign (net.jsign:jsign-maven-plugin)

v7.0

Compare Source

  • New signing services:
    • Azure Trusted Signing
    • Oracle Cloud
    • GaraSign
    • HashiCorp Vault Transit (contributed by Eatay Mizrachi)
    • Keyfactor SignServer (contributed by Björn Kautler)
  • Signing of NuGet packages has been implemented (contributed by Sebastian Stamm)
  • Commands have been added:
    • timestamp: timestamps the signatures of a file
    • tag: adds unsigned data (such as user identification data) to signed files
    • extract: extracts the signature from a signed file, in DER or PEM format
    • remove: removes the signature from a signed file
  • The intermediate certificates are downloaded if missing from the keystore or the certificate chain file
  • File list files prefixed with @ are now supported with the command line tool to sign multiple files
  • Wildcard patterns are now accepted by the command line tool to scan directories for files to sign
  • Jsign now checks if the certificate subject matches the app manifest publisher before signing APPX/MSIX packages (with contributions from Scott Cooper)
  • The new --debug, --verbose and --quiet parameters control the verbosity of the output messages
  • The JCA provider now works with apksigner for signing Android applications
  • RSA 4096 keys are supported with the PIV storetype (for Yubikeys with firmware version 5.7 or higher)
  • Certificates using an Ed25519 or Ed448 key are now supported (experimental)
  • Signatures on MSI files with gaps in the mini FAT are no longer invalid
  • The APPX/MSIX bundles are now signed with the correct Authenticode UUID
  • The signed APPX/MSIX files no longer contain a [Content_Types].old entry
  • The error message displayed when the password of a PKCS#12 keystore is missing has been fixed
  • The log4j configuration warning displayed when signing a MSI file has been fixed (contributed by Pascal Davoust)
  • The value of the storetype parameter is now case insensitive
  • The Azure Key Vault account no longer needs the permission to list the keys when signing with jarsigner
  • The DigiCert ONE host can now be specified with the keystore parameter
  • The AWS_USE_FIPS_ENDPOINT environment variable is now supported to use the AWS KMS FIPS endpoints (contributed by Sebastian Müller)
  • On Windows the YubiKey library path is automatically added to the PATH of the command line tool
  • Signing more than one file with the YUBIKEY storetype no longer triggers a CKR_USER_NOT_LOGGED_IN error
  • MS Cabinet files with a pre-allocated reserve are now supported
  • The --certfile parameter can now be used to replace the certificate chain from the keystore
  • PVK and PEM key files are now properly loaded even if the extension is not recognized (contributed by Alejandro González)
  • API changes:
    • The keystore builder and the JCA provider are now in a separate jsign-crypto module
    • The PEFile class has been refactored to keep only the methods related to signing
    • The java.util.logging API is now used to log debug messages under the net.jsign logger
    • Signable implementations are now discovered dynamically using the ServiceLoader mechanism
    • Signable.createContentInfo() has been replaced with Signable.createSignedContent()
  • Switched to BouncyCastle LTS 2.73.7

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@matteobaccan matteobaccan merged commit d077888 into master Jan 16, 2025
14 of 17 checks passed
@renovate renovate bot deleted the renovate/net.jsign-jsign-maven-plugin-7.x branch January 16, 2025 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@matteobaccan