Home » Modeling » EMF » Expired certificate with org.eclipse.emf.ecore 2.7.0(Certificate issue with org.eclipse.emf.ecore)
Expired certificate with org.eclipse.emf.ecore 2.7.0 [message #923180] |
Tue, 25 September 2012 17:20 |
|
Hello,
I am working on an Eclipse plugin which use Maven 3.0.4 and Tycho.
Here is MANIFEST.MF Require-Bundle section :
[...]
Require-Bundle: org.eclipse.xtext;bundle-version="2.3.1";visibility:=reexport,
org.apache.log4j;visibility:=reexport,
org.apache.commons.logging;resolution:=optional;visibility:=reexport,
org.eclipse.xtext.generator;resolution:=optional,
org.eclipse.emf.codegen.ecore;resolution:=optional,
org.eclipse.emf.mwe.utils;resolution:=optional,
org.eclipse.emf.mwe2.launch;resolution:=optional,
org.eclipse.xtext.util,
org.eclipse.emf.ecore;bundle-version="2.5.0",
org.eclipse.emf.common,
org.antlr.runtime,
org.eclipse.xtext.common.types
[...]
I'm using fornax-oaw-m2-plugin to perform initial source generation.
The build process found org.eclipse.emf.ecore-2.7.0.v20120127-1122.jar as dependency and download it. But fornax fails with a :
java.lang.SecurityException: class "org.eclipse.emf.ecore.impl.MinimalEObjectImpl$Container"'s signer information does not match signer information of other classes in the same package
I checked the file with jarsign, and saw :
[entry was signed on 27/01/12 17:27]
X.509, CN="Eclipse.org Foundation, Inc", OU=Digital ID Class 3 - Java Object Signing, O="Eclipse.org Foundation, Inc", L=Ottawa, ST=Ontario, C=CA
[certificate expired on 14/04/12 01:59]
Now i'm stuck with that bundle, and after one day googling around and trying to found information, i can't go ahead with my build. Is there any way to find a most-recently-signed
version of this bundle, or maybe a made a mistake somewhere else?
I would appreciate if someone could give me some clue.. thanks by advance.
Aurelien
|
|
|
Re: Expired certificate with org.eclipse.emf.ecore 2.7.0 [message #923273 is a reply to message #923180] |
Tue, 25 September 2012 19:27 |
Ed Merks Messages: 33236 Registered: July 2009 |
Senior Member |
|
|
It seems to me there was some JDK version that was causing these false
failures. In any case, the EMF 2.8 release (part of Juno) should have a
recent signature...
On 25/09/2012 7:20 PM, aurelien labrosse wrote:
> Hello,
>
> I am working on an Eclipse plugin which use Maven 3.0.4 and Tycho.
> Here is MANIFEST.MF Require-Bundle section :
>
> [...]
> Require-Bundle:
> org.eclipse.xtext;bundle-version="2.3.1";visibility:=reexport,
> org.apache.log4j;visibility:=reexport,
> org.apache.commons.logging;resolution:=optional;visibility:=reexport,
> org.eclipse.xtext.generator;resolution:=optional,
> org.eclipse.emf.codegen.ecore;resolution:=optional,
> org.eclipse.emf.mwe.utils;resolution:=optional,
> org.eclipse.emf.mwe2.launch;resolution:=optional,
> org.eclipse.xtext.util,
> org.eclipse.emf.ecore;bundle-version="2.5.0",
> org.eclipse.emf.common,
> org.antlr.runtime,
> org.eclipse.xtext.common.types
> [...]
>
> I'm using fornax-oaw-m2-plugin to perform initial source generation.
> The build process found org.eclipse.emf.ecore-2.7.0.v20120127-1122.jar
> as dependency and download it. But fornax fails with a :
> java.lang.SecurityException: class
> "org.eclipse.emf.ecore.impl.MinimalEObjectImpl$Container"'s signer
> information does not match signer information of other classes in the
> same package
>
> I checked the file with jarsign, and saw :
> [entry was signed on 27/01/12 17:27]
> X.509, CN="Eclipse.org Foundation, Inc", OU=Digital ID Class 3 -
> Java Object Signing, O="Eclipse.org Foundation, Inc", L=Ottawa,
> ST=Ontario, C=CA
> [certificate expired on 14/04/12 01:59]
>
> Now i'm stuck with that bundle, and after one day googling around and
> trying to found information, i can't go ahead with my build. Is there
> any way to find a most-recently-signed
> version of this bundle, or maybe a made a mistake somewhere else?
>
> I would appreciate if someone could give me some clue.. thanks by
> advance.
>
> Aurelien
>
>
>
>
Ed Merks
Professional Support: https://www.macromodeling.com/
|
|
|
Re: Expired certificate with org.eclipse.emf.ecore 2.7.0 [message #923915 is a reply to message #923273] |
Wed, 26 September 2012 09:58 |
|
Thanks for your reply.
I made a small script to check all my project's classpath jars, and found a lot of expired ones. I tried to get Juno versions, but failed.
It seems some 3rd party bundles that are part of the project need these old version so I wonder where i can download expired certificates and install them as trusted ones into java cacerts.
Thanks,
Aurelien
|
|
| |
Re: Expired certificate with org.eclipse.emf.ecore 2.7.0 [message #924048 is a reply to message #923969] |
Wed, 26 September 2012 12:53 |
|
Thanks for your reply. I now have dependency on a fresh bundle (org.eclipse.emf.ecore/2.8.0.v20120606-0717) but anyway, i still have this error :
[...]Caused by: java.lang.SecurityException: class "org.eclipse.emf.ecore.impl.MinimalEObjectImpl$Container"'s signer information does not match signer information of other classes in the same package[...]
So i extracted all my maven classpath with
mvn dependency:build-classpath -Dmdep.outputFile=cp.txt
and scan this classpath to find multiple occurence of MinimalEObjectImpl$Container class, using a small tool named findclass. It gave me a sad result : the incriminated class is ONLY in org.eclipse.emf.ecore, which now have a good signature.
|
|
| | |
Goto Forum:
Current Time: Sat Oct 19 15:57:28 GMT 2024
Powered by FUDForum. Page generated in 0.03549 seconds
|