Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] Hamcrest Matcher libraries are not aligned?

On Thu, May 24, 2018 at 6:25 AM, David Pursehouse <david.pursehouse@xxxxxxxxx> wrote:
On Thu, May 24, 2018 at 1:13 PM David Pursehouse <david.pursehouse@xxxxxxxxx> wrote:
On Thu, May 24, 2018 at 11:09 AM Masaya Suzuki <draftcode@xxxxxxxxx> wrote:
Hi,

I find that when I run org.eclipse.jgit.transport.UploadPackTest in Eclipse, it throws an exception:

java.lang.SecurityException: class "org.hamcrest.Matchers"'s signer information does not match signer information of other classes in the same package

I'm using the target platform "jgit-4.8", and it seems it uses org.hamcrest.core 1.3.0.v20180227-1814 and org.hamcrest.library 1.3.0.v201505072020 from http://download.eclipse.org/tools/orbit/downloads/drops/S20180302171354/repository. The downloaded jars are signed, but it looks like the certs used to sign are different. According to jarsigner, org.hamcrest.core 1.3.0.v20180227-1814 is signed with

- Signed by "CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Nepean, ST=Ontario, C=CA"
    Digest algorithm: SHA-256
    Signature algorithm: SHA256withRSA, 2048-bit key
  Timestamped by "CN=Symantec SHA256 TimeStamping Signer - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on Fri Mar 02 17:07:56 UTC 2018
    Timestamp digest algorithm: SHA-256
    Timestamp signature algorithm: SHA256withRSA, 2048-bit key

while org.hamcrest.library 1.3.0.v201505072020 is signed with

- Signed by "CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA"
    Digest algorithm: SHA-256
    Signature algorithm: SHA256withRSA, 2048-bit key
  Timestamped by "CN=GeoTrust Timestamping Signer 1, O=GeoTrust Inc, C=US" on Tue May 12 22:11:46 UTC 2015
    Timestamp digest algorithm: SHA-1
    Timestamp signature algorithm: SHA1withRSA, 1024-bit key

I think this was introduced by https://eclipse.googlesource.com/jgit/jgit/+/9b414ffd3c4304fb45c5af8cf56f990b438c4ca8, but it's almost three months ago. Maybe my set-up is wrong, but does anybody see the same problem?

I also get the same SecurityException in Eclipse, but it's not limited to UploadPackTest. The following tests also fail with the same cause:

- DfsBlockCacheConfigTest
- PackInserterTest
- GcPackRefsTest

 

The following tests also fail, but due to assertion failures unrelated to hamcrest:

- EGitPatchHistoryTest
 

 
- CGitVsJGitRandomIgnorePatternTest
 
 

All the tests pass with mvn and bazel on the command line. I guess the reason these failures in Eclipse have been overlooked is that nobody runs the entire suite in Eclipse.

I update the target platform with latest Orbit repository which fixes these test errors in Eclipse

-Matthias 

Back to the top