[ https://issues.apache.org/jira/browse/SUREFIRE-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670083#comment-16670083 ]
Thorsten Glaser commented on SUREFIRE-1588: ------------------------------------------- This is apparently a bug in the Debian package, in that they did not backport the patch that disables these new stricter checks by default: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#38 There’s a workaround, but that involves either touching the POM of *every* project one develops with manually to set useSystemClassLoader=false for Surefire (and I’m not sure what other implications this has) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#10 or, worse, setting a JVM property (I’m not sure where to even begin doing so, considering java is invoked indirectly under a bazillion layers, from Jenkins over Maven to its plugins…) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#29 Considering this is supposed to be a new stricter check for something, is there a way we can get a new Surefire release that adheres to these stricter standards? The Canonical/Debian people are, unfortunately, unwilling to consider a full development showstopper as bug and consider it a “security feature” and an “intentional upstream change” instead: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912333#53 For now, general advice is to downgrade to the last working OpenJDK version in a development environment (and yes, thus not getting the latest security fixes, which is extremely unfortunate) until the OpenJDK, Canonical/Debian, and Maven/Surefire people “fight” this out among themselves. (And who knows what *else* will break due to this change… there’s not even a warning output!) > Surefire 2.22.1 (and maybe other versions too) are broken on latest Ubuntu > Java8 > -------------------------------------------------------------------------------- > > Key: SUREFIRE-1588 > URL: https://issues.apache.org/jira/browse/SUREFIRE-1588 > Project: Maven Surefire > Issue Type: Bug > Affects Versions: 2.22.1 > Reporter: Cservenak, Tamas > Priority: Major > > See issue [1], but in short: latest Java8 on Ubuntu/Debian/Mint family of > Linuxes (am on Mint, Ubuntu derivative) contains this patch [3], and eforces > Manifest class path entries to be relative, as defined in [2]. > Hence, surefire booter and rest of Maven classpath, that uses absolute URLs > are simply discarded. > Example error: > {noformat} > # Created at 2018-10-30T21:34:43.339 > Error: Could not find or load main class > org.apache.maven.surefire.booter.ForkedBooter{noformat} > using the new property > {{-Djdk.net.URLClassPath.disableClassPathURLCheck=debug}} clearly shows that > all the entries from the surefire JAR are simply ignored. > > [1] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925] > [2] > https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#classpath > [3] [https://hg.openjdk.java.net/jdk/jdk/rev/27135de165ac] -- This message was sent by Atlassian JIRA (v7.6.3#76005)