Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] Jubula: Invalid signature with eclipse-signing-maven-plugin

We recently made the switch over to the eclipse-signing-maven-plugin for repacking, signing, and packing the Jubula project, using https://hudson.eclipse.org/hudson/job/linuxtools-Indigo as a reference (for job and pom). After the switch, I noticed that the produced p2 repository contained at least one invalidly signed jar (org.eclipse.jubula.client.core). The jar in question contains classes compiled from generated code, but other than that, I'm not sure what would cause this jar to be handled any differently from the others.

In the job https://hudson.eclipse.org/hudson/job/jubula-nightly, the following error occurs while performing the pack/repack operation after conditioning and signing:
----------------------------------------------
Processing /opt/users/hudsonbuild/workspace/jubula-nightly/jubula/org.eclipse.jubula.site/target/signed/site_assembly.zip

[ERROR] STDERR: Exception in thread "main" java.lang.SecurityException: SHA1 digest error for org/eclipse/jubula/client/core/gen/parser/parameter/parser/Parser.class STDERR: at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:196)
STDERR:     at java.util.jar.JarVerifier.processEntry(JarVerifier.java:201)
STDERR:     at java.util.jar.JarVerifier.update(JarVerifier.java:188)
STDERR: at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:403) STDERR: at java.io.BufferedInputStream.fill(BufferedInputStream.java:218) STDERR: at java.io.BufferedInputStream.read1(BufferedInputStream.java:256) STDERR: at java.io.BufferedInputStream.read(BufferedInputStream.java:313)
STDERR:     at java.io.FilterInputStream.read(FilterInputStream.java:111)
STDERR: at com.sun.java.util.jar.pack.ClassReader$1.read(ClassReader.java:38)
STDERR:     at java.io.DataInputStream.readFully(DataInputStream.java:176)
STDERR:     at java.io.DataInputStream.readFully(DataInputStream.java:152)
STDERR: at com.sun.java.util.jar.pack.ClassReader.readAttributes(ClassReader.java:401) STDERR: at com.sun.java.util.jar.pack.ClassReader.readCode(ClassReader.java:423) STDERR: at com.sun.java.util.jar.pack.ClassReader.readAttributes(ClassReader.java:392) STDERR: at com.sun.java.util.jar.pack.ClassReader.readMember(ClassReader.java:314) STDERR: at com.sun.java.util.jar.pack.ClassReader.readMembers(ClassReader.java:300) STDERR: at com.sun.java.util.jar.pack.ClassReader.read(ClassReader.java:126) STDERR: at com.sun.java.util.jar.pack.PackerImpl$DoPack.readClass(PackerImpl.java:491) STDERR: at com.sun.java.util.jar.pack.PackerImpl$DoPack.run(PackerImpl.java:465) STDERR: at com.sun.java.util.jar.pack.PackerImpl.pack(PackerImpl.java:73)
STDERR:     at com.sun.java.util.jar.pack.Driver.main(Driver.java:262)
----------------------------------------------

The job succeeds despite that error, but running "jarsigner -verify org.eclipse.jubula.client.core_$VERSION.jar" on the resulting repo produces the same error. Has anybody encountered a similar error or could offer some advice?

 - Zeb

--
BREDEX GmbH
Mauernstr. 33
38100 Braunschweig

Tel.: +49-531-24330-0
Fax:  +49-531-24330-99
http: www.bredex.de

Geschäftsführer: Hans-J. Brede, Achim Lörke, Ulrich Obst
Amtsgericht Braunschweig HRB 2450


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Back to the top