Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [rdf4j-dev] Locationtech spatial4j is causing shaded jar problems due to signatures
Actually, RDF4J itself produces signed jars as well. Artifacts being signed with a PGP signature is a requirement for being hosted on the Central repository.

But this SecurityException is worrying. Can you elaborate on the steps you did to get this error (and what you did to work around it)? I haven't personally seen it happen so I wonder what I am doing differently from you.

Jeen

On Mon, Dec 24, 2018 at 3:26 AM Håvard Ottestad <hmottestad@xxxxxxxxx> wrote:
Hi,

In the great Christmas spirit I’ve been using some spare time to do some coding. Fixing some bugs and bumping some versions.

When moving from 2.3.x to 2.4.x my project wouldn’t build anymore due to some java signature validation error.

[ERROR] Exit code: 1 - java.lang.SecurityException: Invalid signature file digest for Manifest main attributes

I’ve traced the error back to this jar file:

org.locationtech.spatial4j:spatial4j:jar

I’m not sure why they need to sign their jar. The only signed jars I’ve seen so far in my life have been the bouncycastle ones, which are crypto libraries.

I’ve found a workaround, but I’m not very happy with this being required of our users. 

Cheers,
Håvard
_______________________________________________
rdf4j-dev mailing list
rdf4j-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/rdf4j-dev

Back to the top