Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Jubula: Invalid signature with eclipse-signing-maven-plugin

Does it have nested jars? And is Java 1.7 involved? If so, you might read

But, other than that, I think many projects have occasionally found issues
where some jars simply can not be "packed200'd" correctly and for those
cases must be excluded from packing, via properties in eclipse.inf file,
such as
This allows the jars to still be signed ... they are simply not compressed
with pack200.

One bug that documents such a case is

There are various VM bugs opened against pack200 for problem cases, but as
far as I can tell, there's not much rhyme or reason for which cases cause

And, not sure how any of these would be related to the
"eclipse-signing-maven-plugin"? So, perhaps a coincidental timing?

Hope this info helps a little ... keep us posted if you find anything.

From:	Zeb Ford-Reitz <Zeb.Ford-Reitz@xxxxxxxxx>
To:	cross-project-issues-dev@xxxxxxxxxxx,
Date:	02/29/2012 10:20 AM
Subject:	[cross-project-issues-dev] Jubula: Invalid signature with
Sent by:	cross-project-issues-dev-bounces@xxxxxxxxxxx

We recently made the switch over to the eclipse-signing-maven-plugin for
repacking, signing, and packing the Jubula project, using as a reference
(for job and pom). After the switch, I noticed that the produced p2
repository contained at least one invalidly signed jar
(org.eclipse.jubula.client.core). The jar in question contains classes
compiled from generated code, but other than that, I'm not sure what
would cause this jar to be handled any differently from the others.

In the job, the
following error occurs while performing the pack/repack operation after
conditioning and signing:

[ERROR] STDERR: Exception in thread "main" java.lang.SecurityException:
SHA1 digest error for
STDERR:     at
STDERR:     at java.util.jar.JarVerifier.processEntry(
STDERR:     at java.util.jar.JarVerifier.update(
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at$
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at
STDERR:     at$DoPack.readClass(
STDERR:     at$
STDERR:     at
STDERR:     at

The job succeeds despite that error, but running "jarsigner -verify
org.eclipse.jubula.client.core_$VERSION.jar" on the resulting repo
produces the same error. Has anybody encountered a similar error or
could offer some advice?

  - Zeb

Mauernstr. 33
38100 Braunschweig

Tel.: +49-531-24330-0
Fax:  +49-531-24330-99

Geschäftsführer: Hans-J. Brede, Achim Lörke, Ulrich Obst
Amtsgericht Braunschweig HRB 2450

[attachment "smime.p7s" deleted by David M Williams/Raleigh/IBM]
cross-project-issues-dev mailing list

Back to the top