Java / jarsigner: Un-sign / re-sign jar files

25. Januar 2016

Re-signing jar files is a pain if there are old signatures to remove. jarsigner happily would add the new signature, rendering the jar invalid if the old signatures are still present. There’s no command line switch to tell jarsigner to remove the old signatures first. So, one has to unpack each jar file first, remove the META-INF/*.SF and *.RSA files, and zip the jar again… NO! The linux version of zip comes with a nice command line option „-d“ to remove files from a zip. So, just execute the following command to remove any existing signatures from a jar file (thanks martinhans!):

zip -d file.jar 'META-INF/*.SF' 'META-INF/*.RSA'

To iterate over a whole bunch of jar files, just embed that command into a bash for loop:

for i in *.jar; do zip -d "$i" 'META-INF/*.SF' 'META-INF/*.RSA';done

In fact, you’re done ūüôā

For re-signing mutiple jars: jarsigner is able to read the keystore / key password from a file or from an environment variable, using the -keypass / -storepass command line option together with the :file or the :env modifier.

So, it’s possible to put each of the passwords in a file and use a for loop like this to sign all jars in the current directory using the key key_alias:

for i in ./*.jar; do jarsigner -storepass:file ~/.storepass -keypass:file ~/.keypass "$i" key_alias;done

To make jarsigner read the passwords from an env variable, you’ll have to create those variables first:

export storepass="mystorepassword"
export keypass="mykeypassword"
for i in ./*.jar; do jarsigner -storepass:env storepass -keypass:env keypass jarfile.jar key_alias;done

Windows 10: Startmen√ľ √∂ffnet sich nicht, Info-Center ebenfalls nicht…

23. Dezember 2015

Microsoft lässt seine Nutzerschaft mal wieder im Regen stehen, wenn das im Titel beschriebene Problem auftaucht. Den PowerShell-Befehl zur Reparatur findet man nur in diversen Foren, etwa hier und hier:

Get-AppxPackage | % { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppxManifest.xml" -verbose }

Dann sollten Startmen√ľ und Infocenter wieder erscheinen und funktionieren.

Firefox truncating long tables…

17. Dezember 2015

Short notice regarding a Gecko bug when trying to print long tables (thanks to Colin Turner): add

table, td {height:100%}

to the print css rules.

LibreOffice MailMerge and SSL

6. Dezember 2015

Since 2013, LibreOffice Writer has a known bug regarding the mail merge wizard: Sending merged mails using a SSL connection to the SMTP server will fail.

There’s a workaround (thanks to Andrea Tessadri) – one has to edit the python script responsible for sending the mails. It’s called, and you’ll find it (on a linux box) under /usr/lib/libreoffice/program/ .

To make sending mails using SSL work, make sure that no LO process is running (check quickstart!). Now, open /usr/lib/libreoffice/program/ (on Linux: with root privileges), search for the line

self.server = smtplib.SMTP(server, port,timeout=tout)

and replace it by

self.server = smtplib.SMTP_SSL(server, port,timeout=tout)

Now, when sending merged documents via mail, don’t enable SSL in the mail settings; just set the port to 465. Now, sending merged documents as mail should work.



„Fun“ with JavaWS and PAC (Proxy AutoConfig)

20. Oktober 2014

Using a *.pac / *.dat file for proxy auto-configuration is a very useful thing, especially in enterprise environments. Generally, JavaWS supports using PAC. But sadly, Oracle’s current JRE versions (7u71 / 7u72) refuse to use a PAC file that makes use of of JavaScript functions like dnsDomainIs(). Using such a PAC file will lead to errors like this:

javax.script.ScriptException: TypeError: Cannot find function dnsResolve in object (<Unknown source>#34) in <Unknown source> at line number 34

Caused by: TypeError: Cannot find function dnsResolve in object (<Unknown source>#34)

This looks like JDK-8038986 and JDK-6945158. So, it seems to be fixed in current version of OpenJDK, and hopefully, it gets fixed in Oracle’s JRE’s, too. In the meanwhile, the workaround found at JDK-6945158 worked for me, too: make sure that the PAC file returns anything without using dnsDomainIs(), for example using a Regex-based test like shExpMatch (thanks os!) or doing a simple string comparison like

if (host==“[hostname]“)
return „PROXY proxy_host:proxy_port“;

Linux Mint: wrong keyboard layout on login screen

10. Juni 2014

Mint users using a non-default keyboard layout (german, french and so on) may encounter an annoying bug regarding the Mint login screen: setting a locale won’t affect the keyboard layout. As result, you can’t login using a password that contains special characters. Logging in using the console still works fine.

So, the first obvious workaround is changing to a console (using ALT-CTRL-F1, for example), logging in and changing the password to another one which doesn’t contain special characters. But this is deprecated since using special characters are an important part of creating strong passwords.

To solve the issue, do the following: open the following file using your preferred text editor:


Go to the last line – it should be

exit 0

Insert a new line before that last line and enter

/usr/bin/setxkbmap de

for a german localisation. Choose the localisation according your needs, for example fr for french and so on.

Don’t forget to adapt the file again after upgrading to a new Mint version.

SSH-Tunnel f√ľr HTTPS-Access

18. Mai 2014
ssh -f <user>@<host> -L <localport>:<remoteserver>:443 -N

Nicht vergessen, URL mit https:// anzugeben.

Some Java NG Plugin / Applet resources

20. Juli 2012

Collection of some resources on the NG Java Plugin and new Applet features:

R-griffen :)

26. Februar 2012

Das Linux Magazin bringt in seiner Ausgabe 3/2012 einen – wie √ľblich sehr interessanten und auch f√ľr R-Anf√§nger wie mich geeigneten – Artikel zur grafischen Darstellung statistischer Daten mittels ggplot2 und R. Beim Testen der Beispiele stellte sich zwar schnell heraus, dass ggplot2 eine neuere Version von R voraussetzt – die bei Ubuntu Lucid (aktuelle LTS-Version) mitgelieferten Pakete etwa sind leider zu alt zur Installation von ggplot2. Das CRAN bietet aber auch f√ľr Lucid die n√∂tigen Pakete.

Die read.csv()-Funktion warf bei mir zudem eine Fehlermeldung, es seien doppelte Zeilennamen vorhanden. Offenbar wird die erste Datenspalte („Algorithmus“) als Quelle der Zeilennamen verwendet, und die Spalte enth√§lt ja tats√§chlich doppelte Werte. Abhilfe brachte das explizite Deaktivieren der Zeilennamen mit row.names=NULL.

Bei der Suche nach einer Hilfe zur Installation und Nutzung von R unter Lucid bin ich noch √ľber einen prima Hinweis gesto√üen: mit JGR gibt es ein ebenso einfaches wie hilfreiches GUI f√ľr R, das zB sch√∂n anzeigt, welche Argumente eine Funktion erwartet. Ausgestattet mit aktuelleren debs aus dem CRAN und ‚Äěbewaffnet‚Äú mit JGR steht der weiteren Erkundung Rs nichts mehr entgegen.

"Fun" with Funambol….

25. Januar 2012

Sadly there seem to be no „official“ Funambol add-ons for newer Thunderbird versions. No matter using official or inofficial add-ons (for example those provided by, debugging strange errors isn’t really fun. For example the nice message „Error: code 2054“ when trying to sync a new client:

funamvol error code 2054

The log files don’t offer any more information. Searching the web doesn’t help, either, but the error seems to be caused by an SSL issue. In fact, i tried to access a (custom) Funambol server using https, and the SSL certificate was cacert based. Ok, but i’ve imported cacert’s root and class3 certs into Thunderbird’s cert cache already? Finally, i realized that the Funambol add-on just ignored the certs in the Thunderbird cert store and solely checked the root certificates provided by windows! After importing cacert’s root certificate in the windows cert store (take care to choose the right „department“ – you have to manually select „trusted root certification authority“ – or „Vertrauensw√ľrdige Stammzertifizierungsstellen“ in german…), everything worked like a charm.