[JIRA] [core] (JENKINS-25625) SECURITY-144-compat usage breaks tests due to code signing

[jgl...@cloudbees.com (JIRA)]

Jesse Glick created JENKINS-25625 SECURITY-144-compat usage breaks tests due to code signing Issue Type: Bug Assignee: Unassigned Components: core Created: 14/Nov/14 7:55 PM Description: Take a plugin which has a dependency on maven-plugin, such as copyartifact. Now update the dependency to 2.7.1 and try to run functional tests. Everything blows up: === Starting CopyArtifactTest.testMavenJobWithArchivePostBuildStep ... hudson.model.AbstractBuild$AbstractBuildExecution reportError WARNING: Publisher hudson.tasks.ArtifactArchiver aborted due to exception java.lang.SecurityException: class "org.jenkinsci.remoting.CallableDecorator"'s signer information does not match signer information of other classes in the same package at java.lang.ClassLoader.checkCerts(ClassLoader.java:952) at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666) at java.lang.ClassLoader.defineClass(ClassLoader.java:794) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:449) at java.net.URLClassLoader.access$100(URLClassLoader.java:71) at java.net.URLClassLoader$1.run(URLClassLoader.java:361) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:425) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at java.lang.ClassLoader.loadClass(ClassLoader.java:358) at jenkins.FilePathFilter.current(FilePathFilter.java:108) at hudson.FilePath.reading(FilePath.java:2677) at hudson.FilePath.access$000(FilePath.java:190) at hudson.FilePath$40.invoke(FilePath.java:2034) at hudson.FilePath$40.invoke(FilePath.java:2027) at hudson.FilePath.act(FilePath.java:980) at hudson.FilePath.act(FilePath.java:958) at hudson.FilePath.copyRecursiveTo(FilePath.java:2027) at jenkins.model.StandardArtifactManager.archive(StandardArtifactManager.java:61) at hudson.tasks.ArtifactArchiver.perform(ArtifactArchiver.java:218) at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:74) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:734) at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1037) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:683) at hudson.model.Run.execute(Run.java:1770) at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529) at hudson.model.ResourceController.execute(ResourceController.java:89) at hudson.model.Executor.run(Executor.java:240) This is because remoting.jar is signed (which IMO it should not be), yet SECURITY-144-compat.jar is not. As a workaround it suffices to add <exclusions> <exclusion> <groupId>org.jenkins-ci</groupId> <artifactId>SECURITY-144-compat</artifactId> </exclusion> </exclusions> to the dependency, but this is not going to be sustainable if other plugins start adding the dep too. Project: Jenkins Labels: security test Priority: Major Reporter: Jesse Glick

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.