stop passing passphrases via args, instead use prepared files
Any process can read the process table, and can therefore see the entire command line of any other process. That means its a bad idea to ever put passwords as part of a command line. Python is executing keytool and jarsigner command lines here, so now instead of putting the password on the command line, a file is passed instead with suitable file permissions. This should reduce the exposure a lot. But still, sensitive passwords should not be written to any text file. This change requires OpenJDK-7 since the :file option to -storepass and -keypass was only added in Java 7's keytool and jarsigner.
Showing with 40 additions and 14 deletions