[cross-project-issues-dev] More on signing, packing, and Java 7 ...
> I believe these expired certificates cause P2 to download both pack.gz
> and jar flavours of the same artifact
This would be important to know, if confirmed.
Since you mentioned "Java 7", I will point out there is a known issue with Java 7 and bundles that have "nested jars" that will cause dual downloads.
It has nothing to do with "expired certificates" but with a subtle change in Java 7 such that nested jars cannot be unpacked with Java 7.
No "general solution" has been found, but it is expected to cause more "dual downloads" of pack.gz files plus then the jar file (once it is discovered the pack.gz file can not be correctly unpacked),
when Java 7 is being used.
On the Java 7 pack.gz issue: While it is recommended that no one have nested jars in the first place :) if you must (and, there are some legitimate cases), it is recommended (for most cases) that the bundle provider add an eclipse.inf file to the META-INF directory, and in it specify
But, back to expired certificate, if you confirm the expired certificate causes this dual download (independent of nested jars) it would be worth a cross-project bug, where we could discuss what to do about it, if anything.
Igor Fedorenko ---05/26/2012 06:30:42 PM---I believe these expired certificates cause P2 to download both pack.gz and jar flavours of the same
From: Igor Fedorenko <ifedorenko@xxxxxxxxxxxx>
Date: 05/26/2012 06:30 PM
Subject: Re: [cross-project-issues-dev] Yet another nag note ... and, I mean it this time!
Sent by: cross-project-issues-dev-bounces@xxxxxxxxxxx
I believe these expired certificates cause P2 to download both pack.gz
and jar flavours of the same artifact when Eclipse is running on SUN
Java 7. At least this is the behaviour I see with Juno M7 P2 runtime
included with Tycho. Don't know if newer P2 behaves differently or if
the problem is limited to Tycho.
On 12-05-24 10:27 AM, Denis Roy wrote:
> On 05/24/2012 06:30 AM, Stephan Herrmann wrote:
>> On 05/24/2012 06:40 AM, David M Williams wrote:
>>> Look at these reports:
>> Looking at verified.txt I see lots of
>> "jar verified. Warning: This jar contains entries whose signer
>> certificate has expired. Re-run with the -verbose and -certs options
>> for more details."
>> It seems to fix this we'd have to re-build and sign ALL jars that
>> have been signed before the switch to the new certificate and never
>> changed since?
> Technically, you don't need to rebuild and resign your jars. It's just
> a warning that the certificate used is now expired, but the signature is
> perfectly valid.
> If you absolutely want to eliminate the warning, just re-sign the jars
> with the new cert. No need to rebuild them.
> cross-project-issues-dev mailing list
cross-project-issues-dev mailing list