[ https://jira.codehaus.org/browse/MSHADE-147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=347269#comment-347269 ]

Neeme Praks edited comment on MSHADE-147 at 5/29/14 2:38 AM:
-------------------------------------------------------------

Attached a patch to:
* print a nice error message when there is an error while reading JAR file contents (includes JAR entry path and JAR file path)
* add a "disableJarFileVerification" configuration option for DefaultShader -- when enabled, dependency JAR file verification is turned off

The base version for the patch is 2.3.

was (Author: nemecec):
Attached a patch to:
* print a nice error message when there is an error while reading JAR file contents (includes JAR entry path and JAR file path)
* add a "disableJarFileVerification" configuration option for DefaultShader -- when enabled, dependency JAR file verification is turned off

> Failure to shade without explanation when signature is invalid
> --------------------------------------------------------------
>
>                 Key: MSHADE-147
>                 URL: https://jira.codehaus.org/browse/MSHADE-147
>             Project: Maven Shade Plugin
>          Issue Type: Bug
>    Affects Versions: 2.0
>         Environment: JDK 7u21, Linux, Maven 3.0.5
>            Reporter: Jesse Glick
>            Priority: Minor
>         Attachments: patch.txt, stuff.zip
>
>
> If there is a signature error in a shaded dependency, you can get a build error like this:
> {code:none}
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:2.0:shade (shade) on project stuff: Error creating shaded jar: Invalid signature file digest for Manifest main attributes
>     at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:217)
>     at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
>     at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
>     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
>     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
>     at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
>     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
>     at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
>     at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
>     at org.jvnet.hudson.maven3.launcher.Maven3Launcher.main(Maven3Launcher.java:79)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:601)
>     at org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:329)
>     at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:239)
>     at org.jvnet.hudson.maven3.agent.Maven3Main.launch(Maven3Main.java:158)
>     at hudson.maven.Maven3Builder.call(Maven3Builder.java:100)
>     at hudson.maven.Maven3Builder.call(Maven3Builder.java:66)
>     at hudson.remoting.UserRequest.perform(UserRequest.java:118)
>     at hudson.remoting.UserRequest.perform(UserRequest.java:48)
>     at hudson.remoting.Request$2.run(Request.java:326)
>     at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
>     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
>     at java.util.concurrent.FutureTask.run(FutureTask.java:166)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:722)
> Caused by: org.apache.maven.plugin.MojoExecutionException: Error creating shaded jar: Invalid signature file digest for Manifest main attributes
>     at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:551)
>     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
>     at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
>     ... 27 more
> Caused by: java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
>     at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:240)
>     at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
>     at java.util.jar.JarVerifier.processEntry(JarVerifier.java:305)
>     at java.util.jar.JarVerifier.update(JarVerifier.java:216)
>     at java.util.jar.JarFile.initializeVerifier(JarFile.java:345)
>     at java.util.jar.JarFile.getInputStream(JarFile.java:412)
>     at org.apache.maven.plugins.shade.DefaultShader.shade(DefaultShader.java:134)
>     at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:484)
>     ... 29 more
> {code}
> Apparently {{DefaultShader}} is using the {{JarFile}} constructor that enables signature verification. That may be correct, but if so it should catch {{SecurityException}} and report the problem more nicely, say with the name of the bad dependency, and perhaps with instructions on how to configure the plugin to ignore this dependency or override the signature check.
> Attaching my test project, though I cannot consistently reproduce the problem with this. (Seems to fail from inside Jenkins but not outside; not yet sure what the difference would be.)
> MSHADE-90 is a bit related.

--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
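
The behaviour requested in the issue and described in the comment, shown as an added Java example (it is not the attached patch.txt and not maven-shade-plugin code): a JAR is read with the verifying JarFile constructor, and a SecurityException or IOException is rethrown with the entry path and the JAR file path. The class name JarReadCheck, the method readAllEntries and the system-property switch are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added illustration: not the attached patch.txt and not maven-shade-plugin code.
public class JarReadCheck {

    // Reads every entry of a JAR. 'verify' is passed to JarFile(File, boolean):
    // true checks signatures and digests of a signed JAR, false skips the check.
    static int readAllEntries(File jar, boolean verify) throws IOException {
        int count = 0;
        try (JarFile jarFile = new JarFile(jar, verify)) {
            Enumeration<JarEntry> entries = jarFile.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory()) {
                    continue;
                }
                try (InputStream in = jarFile.getInputStream(entry)) {
                    byte[] buf = new byte[8192];
                    while (in.read(buf) != -1) { } // digests are checked as the stream is drained
                    count++;
                } catch (SecurityException | IOException e) {
                    // Name the entry and the JAR so the bad dependency can be identified.
                    throw new IOException("Error reading entry '" + entry.getName()
                            + "' in JAR file '" + jar.getAbsolutePath() + "': "
                            + e.getMessage(), e);
                }
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Hypothetical switch, named after the option mentioned in the comment.
        boolean verify = !Boolean.getBoolean("disableJarFileVerification");
        for (String path : args) {
            try {
                System.out.println(path + ": " + readAllEntries(new File(path), verify) + " entries read");
            } catch (IOException e) {
                System.err.println(e.getMessage());
            }
        }
    }
}
```

With verification off, a signed dependency whose contents no longer match its signature is read without complaint, so the switch gives up an integrity check in exchange for a passing build.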