[
https://issues.apache.org/jira/browse/SUREFIRE-1588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670083#comment-16670083
]
Thorsten Glaser commented on SUREFIRE-1588:
-------------------------------------------
This is apparently a bug in the Debian package, in that they did not backport
the patch that disables these new stricter checks by default:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#38
There’s a workaround, but that involves either touching the POM of *every*
project one develops with manually to set useSystemClassLoader=false for
Surefire (and I’m not sure what other implications this has)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#10 or, worse, setting
a JVM property (I’m not sure where to even begin doing so, considering java is
invoked indirectly under a bazillion layers, from Jenkins over Maven to its
plugins…) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925#29
Considering this is supposed to be a new stricter check for something, is there
a way we can get a new Surefire release that adheres to these stricter
standards? The Canonical/Debian people are, unfortunately, unwilling to
consider a full development showstopper as bug and consider it a “security
feature” and an “intentional upstream change” instead:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912333#53
For now, general advice is to downgrade to the last working OpenJDK version in
a development environment (and yes, thus not getting the latest security fixes,
which is extremely unfortunate) until the OpenJDK, Canonical/Debian, and
Maven/Surefire people “fight” this out among themselves. (And who knows what
*else* will break due to this change… there’s not even a warning output!)
> Surefire 2.22.1 (and maybe other versions too) are broken on latest Ubuntu
> Java8
> --------------------------------------------------------------------------------
>
> Key: SUREFIRE-1588
> URL: https://issues.apache.org/jira/browse/SUREFIRE-1588
> Project: Maven Surefire
> Issue Type: Bug
> Affects Versions: 2.22.1
> Reporter: Cservenak, Tamas
> Priority: Major
>
> See issue [1], but in short: latest Java8 on Ubuntu/Debian/Mint family of
> Linuxes (am on Mint, Ubuntu derivative) contains this patch [3], and eforces
> Manifest class path entries to be relative, as defined in [2].
> Hence, surefire booter and rest of Maven classpath, that uses absolute URLs
> are simply discarded.
> Example error:
> {noformat}
> # Created at 2018-10-30T21:34:43.339
> Error: Could not find or load main class
> org.apache.maven.surefire.booter.ForkedBooter{noformat}
> using the new property
> {{-Djdk.net.URLClassPath.disableClassPathURLCheck=debug}} clearly shows that
> all the entries from the surefire JAR are simply ignored.
>
> [1] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911925]
> [2]
> https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#classpath
> [3] [https://hg.openjdk.java.net/jdk/jdk/rev/27135de165ac]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
