[
https://jira.codehaus.org/browse/MSHADE-147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=347269#comment-347269
]
Neeme Praks edited comment on MSHADE-147 at 5/29/14 2:38 AM:
-------------------------------------------------------------
Attached a patch to:
* print a nice error message when there is an error while reading JAR file
contents (includes JAR entry path and JAR file path)
* add a "disableJarFileVerification" configuration option for DefaultShader --
when enabled, dependency JAR file verification is turned off
The base version for the patch is 2.3.
was (Author: nemecec):
Attached a patch to:
* print a nice error message when there is an error while reading JAR file
contents (includes JAR entry path and JAR file path)
* add a "disableJarFileVerification" configuration option for DefaultShader --
when enabled, dependency JAR file verification is turned off
The base version for the patch is 2.3.
> Failure to shade without explanation when signature is invalid
> --------------------------------------------------------------
>
> Key: MSHADE-147
> URL: https://jira.codehaus.org/browse/MSHADE-147
> Project: Maven Shade Plugin
> Issue Type: Bug
> Affects Versions: 2.0
> Environment: JDK 7u21, Linux, Maven 3.0.5
> Reporter: Jesse Glick
> Priority: Minor
> Attachments: patch.txt, stuff.zip
>
>
> If there is a signature error in a shaded dependency, you can get a build
> error like this:
> {code:none}
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute
> goal org.apache.maven.plugins:maven-shade-plugin:2.0:shade (shade) on project
> stuff: Error creating shaded jar: Invalid signature file digest for Manifest
> main attributes
> at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:217)
> at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
> at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
> at
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
> at
> org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
> at
> org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
> at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
> at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
> at
> org.jvnet.hudson.maven3.launcher.Maven3Launcher.main(Maven3Launcher.java:79)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at
> org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:329)
> at
> org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:239)
> at org.jvnet.hudson.maven3.agent.Maven3Main.launch(Maven3Main.java:158)
> at hudson.maven.Maven3Builder.call(Maven3Builder.java:100)
> at hudson.maven.Maven3Builder.call(Maven3Builder.java:66)
> at hudson.remoting.UserRequest.perform(UserRequest.java:118)
> at hudson.remoting.UserRequest.perform(UserRequest.java:48)
> at hudson.remoting.Request$2.run(Request.java:326)
> at
> hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:722)
> Caused by: org.apache.maven.plugin.MojoExecutionException: Error creating
> shaded jar: Invalid signature file digest for Manifest main attributes
> at
> org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:551)
> at
> org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
> at
> org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
> ... 27 more
> Caused by: java.lang.SecurityException: Invalid signature file digest for
> Manifest main attributes
> at
> sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:240)
> at
> sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
> at java.util.jar.JarVerifier.processEntry(JarVerifier.java:305)
> at java.util.jar.JarVerifier.update(JarVerifier.java:216)
> at java.util.jar.JarFile.initializeVerifier(JarFile.java:345)
> at java.util.jar.JarFile.getInputStream(JarFile.java:412)
> at
> org.apache.maven.plugins.shade.DefaultShader.shade(DefaultShader.java:134)
> at
> org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:484)
> ... 29 more
> {code}
> Apparently {{DefaultShader}} is using the {{JarFile}} constructor that
> enables signature verification. That may be correct, but if so it should
> catch {{SecurityException}} and report the problem more nicely, say with the
> name of the bad dependency, and perhaps with instructions on how to configure
> the plugin to ignore this dependency or override the signature check.
> Attaching my test project, though I cannot consistently reproduce the problem
> with this. (Seems to file from inside Jenkins but not outside; not yet sure
> what the difference would be.)
> MSHADE-90 is a bit related.
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
