Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] A funny thing happened on the way to Mars.2 -- in Orbit


David M Williams wrote:
> But since there is a "bad" one out there (in Orbit, at least) with the
> same version, I was suggesting to verify if it was in your project
> repositories to make sure you had the good one.
> If it is the good one, you get "jar verified" as above.
> If it is "the bad one" it will be pretty obvious:
> $ jarsigner -verify
> org.apache.httpcomponents.httpclient_4.3.6.v201411290715.jar
> jarsigner: java.lang.SecurityException: SHA1 digest error for
> org/apache/http/client/cache/HttpCacheEntry.class

FWIW, I just found out that only the plain JAR in Orbit is "bad"; the
JAR.pack.gz is not, i.e., it unpack200s to a JAR that verifies just fine
[1]. If your build prefers pack200ed JARs over plain JARs, you should
get a "good" JAR from Orbit, but of course it's better to double-check
what you are distributing exactly.

Best wishes,


[1] <>

Codetrails GmbH
The knowledge transfer company

Robert-Bosch-Str. 7, 64293 Darmstadt
Phone: +49-6151-276-7092
Mobile: +49-170-811-3791

Managing Director: Dr. Marcel Bruch
Handelsregister: Darmstadt HRB 91940

Back to the top