Front Page

User FAQ
Developer FAQ
Community Docs
Popular Projects
Development
Quality
Bug DashBoard
Hudson
Sources
Nightly
Wiki Etiquette
Formatting Rules
Terms Of Use
Unlinked Pages
Undefined Pages
Categories
Page Index
Recent Changes
Find Page

[RSS]

Can I sign NBMs I create?

Yes, though there is not yet any GUI support for this.

1. Make a module project.

2. Generate a keystore, e.g. 

keytool -genkey -storepass specialsauce -alias myself -keystore .../path/to/module/nbproject/private/keystore

and answer the questions posed.

To make NetBeans build script sign the NBM module. The keystore and key password needs to be the same. At keytool, when the question below is asked, just press ENTER key, to make keystore and key alias the same password. 

Enter key password for <myself>
  (RETURN if same as keystore password):

3. Edit nbproject/project.properties to contain e.g. 

keystore=nbproject/private/keystore
nbm_alias=myself

4. Edit nbproject/private/private.properties to contain e.g. 

storepass=specialsauce

You could also pass -Dstorepass=specialsauce on the command line. In the API Support 5.0 Update 1 (or NetBeans 5.5 and newer), if you specify a keystore but ${storepass} is undefined, you will be prompted for the password during the build.

5. Build the NBM for the module. (Context menu of the project.) It should be signed.

6. Try installing the NBM. (Expand build folder in Files view and double-click it.) It will not be trusted initially (and so the checkbox to really install it will initially be unchecked), since NetBeans does not know about your signature. But you can click View Certificate to examine the certificate. If you allow installation of this module, NetBeans will remember you approved this certificate and it will not ask you for confirmation next time.

Some notes:

1. You can probably get a root-authorized certificate from VeriSign or the like, and the Auto Update wizard should treat this as more trusted. Not yet investigated (please update this FAQ entry if you experiment with this).

2. Keeping the keystore and its password in the private dir ensures that you will not accidentally commit either to source repository or include it in a source ZIP made with the Project Packager module. It may be safe to put the keystore in a shared directory (e.g. nbproject) if you are sure that the storepass is too hard to guess.

Applies to: NetBeans 5.0, 5.5, 6.x

Note: It turns out that the procedure does not work in 6.1 (may be never worked in prior releases) because the nbm_alias property is set in the nbbuild/default-properties.xml like this

<property name="nbm_alias" value="nb_ide"/>

before the module's nbproject/project.properties file is read. Thus the property set in nbproject/project.properties has no effect and the signing procedure fails. See issue 134871 for details.