Server: Remove JAR signing/JWS support+HTTP daemon

Nothing prevents organizations from continuing to deploy the TurboVNC Viewer using Java Web Start, if those organizations have also deployed Java 8 and obtained a commercial license for same. However, since public updates for Java 8 will end this year, JWS is effectively an obsolete technology from the point of view of the open source community. Refer to #147, #187
TurboVNC · Mar 6, 2020 · fc473a5 · fc473a5
1 parent 9c690fa
commit fc473a5
Show file tree

Hide file tree

Showing 21 changed files with 28 additions and 1,166 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,9 +10,6 @@ env:
   global:
     - LJT_VERSION=2.0.4
     - LJT_URL=https://sourceforge.net/projects/libjpeg-turbo/files/$LJT_VERSION
-    - LJT_LINUX_JNI=$LJT_URL/libjpeg-turbo-$LJT_VERSION-jws.zip
-    - LJT_OSX_JNI=$LJT_URL/libjpeg-turbo-$LJT_VERSION-jws.zip
-    - LJT_WINDOWS_JNI=$LJT_URL/libjpeg-turbo-$LJT_VERSION-jws.zip
     - LJT_GPG_KEY=https://sourceforge.net/projects/libjpeg-turbo/files/LJT-GPG-KEY
 
 matrix:
@@ -43,22 +40,6 @@ before_install:
   - if [ "${BUILD_OFFICIAL:-}" != "" ]; then
       if [ "$TRAVIS_OS_NAME" = "linux" ]; then
         docker pull dcommander/buildvnc:$TRAVIS_BRANCH &&
-        mkdir ~/libjpeg-turbo-jni &&
-        pushd ~/libjpeg-turbo-jni &&
-        wget --no-check-certificate $LJT_LINUX_JNI -O libjpeg-turbo-jws.zip &&
-        unzip libjpeg-turbo-jws.zip &&
-        rm libjpeg-turbo-jws.zip &&
-        if [ "$LJT_OSX_JNI" != "$LJT_LINUX_JNI" ]; then
-          wget --no-check-certificate $LJT_OSX_JNI -O libjpeg-turbo-jws.zip &&
-          unzip libjpeg-turbo-jws.zip &&
-          rm libjpeg-turbo-jws.zip;
-        fi &&
-        if [ "$LJT_WINDOWS_JNI" != "$LJT_LINUX_JNI" ]; then
-          wget --no-check-certificate $LJT_WINDOWS_JNI -O libjpeg-turbo-jws.zip &&
-          unzip libjpeg-turbo-jws.zip &&
-          rm libjpeg-turbo-jws.zip;
-        fi &&
-        popd &&
         mkdir ~/libjpeg-turbo-rpm &&
         pushd ~/libjpeg-turbo-rpm &&
         wget --no-check-certificate $LJT_URL/libjpeg-turbo-official-$LJT_VERSION.x86_64.rpm $LJT_URL/libjpeg-turbo-official-$LJT_VERSION.i386.rpm &&
@@ -102,7 +83,7 @@ script:
         wget --no-check-certificate "$LJT_GPG_KEY" -O $HOME/rpmkeys/LJT-GPG-KEY &&
         wget --no-check-certificate http://www.turbovnc.org/key/VGLPR-GPG-KEY -O $HOME/rpmkeys/VGLPR-GPG-KEY &&
         mkdir -p ~/.openjdk &&
-        docker run -v $HOME/src/vnc.nightly:/root/src/vnc.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $TRAVIS_BUILD_DIR:/root/src/turbovnc -v $HOME/.gnupg:/root/.gnupg -v $HOME/libjpeg-turbo-jni:/opt/libjpeg-turbo-jni -v $HOME/libjpeg-turbo-rpm:/rpms -v $HOME/rpmkeys:/rpmkeys -v $HOME/.openjdk:/root/.openjdk -t dcommander/buildvnc:$TRAVIS_BRANCH bash -c "rpm --import /rpmkeys/LJT-GPG-KEY && rpm -K /rpms/*.rpm && rpm -i /rpms/*.rpm && rpm --import /rpmkeys/VGLPR-GPG-KEY && ~/src/buildscripts/buildvnc -d /root/src/turbovnc -v" &&
+        docker run -v $HOME/src/vnc.nightly:/root/src/vnc.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $TRAVIS_BUILD_DIR:/root/src/turbovnc -v $HOME/.gnupg:/root/.gnupg -v $HOME/libjpeg-turbo-rpm:/rpms -v $HOME/rpmkeys:/rpmkeys -v $HOME/.openjdk:/root/.openjdk -t dcommander/buildvnc:$TRAVIS_BRANCH bash -c "rpm --import /rpmkeys/LJT-GPG-KEY && rpm -K /rpms/*.rpm && rpm -i /rpms/*.rpm && rpm --import /rpmkeys/VGLPR-GPG-KEY && ~/src/buildscripts/buildvnc -d /root/src/turbovnc -v" &&
         sudo chown -R travis:travis ~/src/vnc.nightly;
       else
         ~/src/buildscripts/buildvnc -d $TRAVIS_BUILD_DIR -v;

diff --git a/ChangeLog.md b/ChangeLog.md
@@ -48,11 +48,12 @@ Windows and 64-bit Linux, Mac, and Windows TurboVNC installations and packages
 by setting the `TVNC_INCLUDEJRE` CMake variable to `1`.  When including a
 custom JRE, OpenJDK 11 or later must be used.
 
-7. The built-in HTTP server in the TurboVNC Server is no longer enabled by
-default.  This reflects the fact that Java Web Start is now a legacy
-technology.  JWS is no longer provided in Java 11, so once Java 8 stops
-receiving public updates, the ability to deploy the TurboVNC Viewer using JWS
-will be limited.
+7. The zero-install Java Web Start feature and built-in HTTP server in the
+TurboVNC Server have been removed.  This reflects the fact that Java Web Start
+is now a legacy technology.  JWS is no longer provided in Java 11 and later, so
+once Java 8 stops receiving public updates, the ability to deploy the TurboVNC
+Viewer using JWS will be limited.  These features will continue to be supported
+in TurboVNC 2.2.x on a break/fix basis.
 
 8. MinGW can now be used instead of Visual C++ when building the TurboVNC
 Viewer (more specifically, the TurboVNC Helper library) for Windows.

diff --git a/doc/index.html b/doc/index.html
@@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
 <meta name="language" content="en">
-<meta name="date" content="2020-03-05T13:28:47">
+<meta name="date" content="2020-03-05T16:43:24">
 <meta name="generator" content="deplate.rb 0.8.5">
 <title>User&rsquo;s Guide for TurboVNC 3.0</title>
 <link rel="start" href="index.html" title="Frontpage">
@@ -413,8 +413,7 @@ <h1 id="hd003"><a name="file003"></a>3&nbsp;Overview</h1>
         user stops interacting with the application for a certain period of time.
     </li>
     <li class="Itemize-1 Itemize asterisk">
-        High-performance feature-rich VNC viewer, which can optionally be 
-        launched via Java Web Start
+        High-performance feature-rich VNC viewer
     </li>
     <li class="Itemize-1 Itemize asterisk">
         The TurboVNC Server integrates with 

diff --git a/doc/overview.txt b/doc/overview.txt
@@ -93,8 +93,7 @@ In addition to high performance, other notable features of TurboVNC include:
 		a lossless refresh automatically if the user stops interacting with the
 		application for a certain period of time.
 
-	* High-performance feature-rich VNC viewer, which can optionally be
-		launched via Java Web Start
+	* High-performance feature-rich VNC viewer
 
 	* The TurboVNC Server integrates with [[https://novnc.com][noVNC]] to provide
 		a zero-install viewer for TurboVNC sessions that works in any web browser

diff --git a/java/CMakeLists.txt b/java/CMakeLists.txt
@@ -16,15 +16,6 @@ set(CLASSPATH com/turbovnc/vncviewer)
 set(SRCDIR ${CMAKE_CURRENT_SOURCE_DIR})
 set(BINDIR ${CMAKE_CURRENT_BINARY_DIR})
 
-set(JAVA_KEYSTORE "" CACHE FILEPATH "URL or pathname of the Java keystore (Default: ~/.keystore)")
-set(DEFAULT_JAVA_KEYSTORE_TYPE "jks")
-set(JAVA_KEYSTORE_TYPE ${DEFAULT_JAVA_KEYSTORE_TYPE} CACHE STRING "Java keystore type (Default: ${DEFAULT_JAVA_KEYSTORE_TYPE})")
-set(JAVA_KEYSTORE_PASS "" CACHE STRING "Java keystore password (plain-text.)  Add a prefix of env: to specify an environment variable from which to read the password, or a prefix of file: to specify a file from which to read the password.")
-set(JAVA_KEY_ALIAS "" CACHE STRING "Alias for the signing certificate's entry in the Java keystore.  Leave this blank to sign the JAR file using a self-signed certificate.")
-set(JAVA_KEY_PASS "" CACHE STRING "Password for the signing certificate's entry in the Java keystore (plain-text.)  Add a prefix of env: to specify an environment variable from which to read the password, or a prefix of file: to specify a file from which to read the password.")
-set(JAVA_TSA_URL "" CACHE STRING "URL of Timestamp Authority (TSA)")
-set(JAVA_TSA_ALG "" CACHE STRING "Timestamp Authority (TSA) message digest algorithm")
-
 string(TIMESTAMP DEFAULT_JAVA_DATE "%Y-%m-%d")
 set(JAVA_DATE ${DEFAULT_JAVA_DATE} CACHE STRING "Java date stamp")
 mark_as_advanced(JAVA_DATE)
@@ -55,13 +46,6 @@ if(APPLE)
 		"Shared library containing TurboJPEG JNI functions (default: ${DEFAULT_TJPEG_JNILIBRARY})")
 endif()
 
-if(UNIX AND TVNC_BUILDSERVER)
-	set(DEFAULT_TVNC_INCLUDEJNIJARS 0)
-	option(TVNC_INCLUDEJNIJARS "Include TurboJPEG JNI JARs for common platforms when installing/packaging TurboVNC, sign the JARs using the same certificate as VncViewer.jar, and make them available through Java Web Start when using the built-in HTTP server."
-		${DEFAULT_TVNC_INCLUDEJNIJARS})
-	boolean_number(TVNC_INCLUDEJNIJARS PARENT_SCOPE)
-endif()
-
 set(JAVA_SOURCES "")
 set(JAVA_CLASSES "")
 
@@ -173,45 +157,9 @@ endforeach()
 
 endif()
 
-if(TVNC_BUILDSERVER)
-
-set(TVNCJNIOPENCOMMENT "<?comment")
-set(TVNCJNICLOSECOMMENT "?>")
-if(TVNC_INCLUDEJNIJARS)
-	set(TVNCJNIOPENCOMMENT "")
-	set(TVNCJNICLOSECOMMENT "")
-endif()
-configure_file(${SRCDIR}/${CLASSPATH}/VncViewer.jnlp.in
-	${BINDIR}/VncViewer.jnlp)
-
-add_custom_target(favicon.ico ALL
-	COMMAND ${CMAKE_COMMAND} -E copy_if_different
-		${SRCDIR}/${CLASSPATH}/favicon.ico ${BINDIR}/favicon.ico
-	DEPENDS ${SRCDIR}/${CLASSPATH}/favicon.ico)
-
-endif()
-
 string(REGEX REPLACE "jar" "" Java_PATH ${Java_JAR_EXECUTABLE})
 string(REGEX REPLACE ".exe" "" Java_PATH ${Java_PATH})
 
-if(NOT JAVA_KEY_ALIAS)
-	set(KEYTOOL "${Java_PATH}/keytool")
-	add_custom_command(OUTPUT turbovnc.keystore
-		COMMAND ${KEYTOOL}
-		ARGS -genkey -alias TurboVNC -keystore turbovnc.keystore -keyalg RSA
-			-storepass turbovnc -keypass turbovnc -validity 7300
-			-dname "CN=TurboVNC, OU=Software Development, O=The VirtualGL Project, L=Austin, S=Texas, C=US")
-	set(JAVA_KEYSTORE "turbovnc.keystore")
-	set(JAVA_KEYSTORE_TYPE "jks")
-	set(JAVA_KEYSTORE_PASS "turbovnc")
-	set(JAVA_KEY_ALIAS "TurboVNC")
-	set(JAVA_KEY_PASS "turbovnc")
-	set(JAVA_TSA_URL "")
-	set(JAVA_TSA_ALG "")
-	add_custom_target(keystore DEPENDS turbovnc.keystore)
-	set(JAVA_KEYSTORE_DEPENDS keystore)
-endif()
-
 add_custom_command(OUTPUT VncViewer.jar
 	DEPENDS ${JAVA_CLASSES}
 		${SRCDIR}/${CLASSPATH}/MANIFEST.MF
@@ -223,12 +171,11 @@ add_custom_command(OUTPUT VncViewer.jar
 		${BINDIR}/${CLASSPATH}/insecure.png
 		${BINDIR}/${CLASSPATH}/secure.png
 		${TJPEG_JAR}
-		${JAVA_KEYSTORE_DEPENDS}
 	COMMAND ${JAVA_ARCHIVE}
 	ARGS xf ${TJPEG_JAR}
 		org/libjpegturbo/turbojpeg
 	COMMAND ${JAVA_ARCHIVE}
-	ARGS cfm VncViewer-unsigned.jar
+	ARGS cfm VncViewer.jar
 		${SRCDIR}/${CLASSPATH}/MANIFEST.MF
 		${CLASSPATH}/timestamp
 		${CLASSPATH}/*.class
@@ -250,21 +197,7 @@ add_custom_command(OUTPUT VncViewer.jar
 		${CLASSPATH}/turbovnc-sm.png
 		${CLASSPATH}/turbovnc-128.png
 		${CLASSPATH}/insecure.png
-		${CLASSPATH}/secure.png
-	COMMAND ${CMAKE_COMMAND}
-	ARGS -DJava_PATH=${Java_PATH} -DJAR_FILE=${BINDIR}/VncViewer-unsigned.jar
-		-DJAVA_KEYSTORE=${JAVA_KEYSTORE}
-		-DJAVA_KEYSTORE_TYPE=${JAVA_KEYSTORE_TYPE}
-		-DJAVA_KEYSTORE_PASS=${JAVA_KEYSTORE_PASS}
-		-DJAVA_KEY_ALIAS=${JAVA_KEY_ALIAS}
-		-DJAVA_KEY_PASS=${JAVA_KEY_PASS}
-		-DJAVA_TSA_URL=${JAVA_TSA_URL}
-		-DJAVA_TSA_ALG=${JAVA_TSA_ALG}
-		-P ${SRCDIR}/cmake/SignJar.cmake
-	COMMAND ${CMAKE_COMMAND}
-	ARGS -E copy_if_different VncViewer-unsigned.jar VncViewer.jar
-	COMMAND ${CMAKE_COMMAND}
-	ARGS -E remove VncViewer-unsigned.jar)
+		${CLASSPATH}/secure.png)
 
 add_custom_target(java ALL DEPENDS VncViewer.jar)
 
@@ -282,32 +215,6 @@ set(CMAKE_INSTALL_FULL_JAVADIR ${CMAKE_INSTALL_FULL_JAVADIR} PARENT_SCOPE)
 mark_as_advanced(CLEAR CMAKE_INSTALL_JAVADIR)
 report_directory(JAVADIR)
 
-if(TVNC_BUILDSERVER AND TVNC_INCLUDEJNIJARS)
-	set(DEFAULT_TJPEG_JNIJARPATH /opt/libjpeg-turbo-jni)
-	set(TJPEG_JNIJARPATH ${DEFAULT_TJPEG_JNIJARPATH} CACHE PATH
-		"Directory containing TurboJPEG JNI JARs (default: ${DEFAULT_TJPEG_JNIJARPATH})")
-	set(JNI_JAR_FILES ljtlinux32.jar ljtlinux64.jar ljtosx.jar ljtwin32.jar
-		ljtwin64.jar)
-	foreach(jarfile ${JNI_JAR_FILES})
-		add_custom_command(OUTPUT ${jarfile}
-			DEPENDS ${JAVA_KEYSTORE_DEPENDS}
-			COMMAND ${CMAKE_COMMAND}
-			ARGS -E copy_if_different ${TJPEG_JNIJARPATH}/${jarfile} ${jarfile}
-			COMMAND ${CMAKE_COMMAND}
-			ARGS -DJava_PATH=${Java_PATH} -DJAR_FILE=${BINDIR}/${jarfile}
-				-DJAVA_KEYSTORE=${JAVA_KEYSTORE}
-				-DJAVA_KEYSTORE_TYPE=${JAVA_KEYSTORE_TYPE}
-				-DJAVA_KEYSTORE_PASS=${JAVA_KEYSTORE_PASS}
-				-DJAVA_KEY_ALIAS=${JAVA_KEY_ALIAS}
-				-DJAVA_KEY_PASS=${JAVA_KEY_PASS}
-				-DJAVA_TSA_URL=${JAVA_TSA_URL}
-				-DJAVA_TSA_ALG=${JAVA_TSA_ALG}
-				-P ${SRCDIR}/cmake/SignJar.cmake)
-		install(FILES ${BINDIR}/${jarfile} DESTINATION ${CMAKE_INSTALL_JAVADIR})
-	endforeach()
-	add_custom_target(jnijars ALL DEPENDS ${JNI_JAR_FILES})
-endif()
-
 option(TVNC_INCLUDEJRE "Include a custom Java Runtime Environment (JRE) with the TurboVNC Viewer"
 	FALSE)
 boolean_number(TVNC_INCLUDEJRE PARENT_SCOPE)
@@ -340,11 +247,6 @@ endif()
 install(FILES ${BINDIR}/VncViewer.jar DESTINATION ${CMAKE_INSTALL_JAVADIR})
 install(FILES ${SRCDIR}/${CLASSPATH}/README.md
 	DESTINATION ${CMAKE_INSTALL_JAVADIR})
-if(TVNC_BUILDSERVER)
-	install(FILES ${BINDIR}/VncViewer.jnlp DESTINATION ${CMAKE_INSTALL_JAVADIR})
-	install(FILES ${SRCDIR}/${CLASSPATH}/favicon.ico
-		DESTINATION ${CMAKE_INSTALL_JAVADIR})
-endif()
 if(TVNC_INCLUDEJRE)
 	install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/jre
 		DESTINATION ${CMAKE_INSTALL_JAVADIR} USE_SOURCE_PERMISSIONS)

diff --git a/java/cmake/SignJar.cmake b/java/cmake/SignJar.cmake