[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[p2-dev] Questions about the JarProcessor
|
We bundle the com.ibm.icu.base plug-in on our headless update site. We
pick it from Orbit where it's signed. There is however no pack200
artifact so we try to create the pack.gz when we publish our site. That
turns out to be tricky:
The JarProcessor reads the eclipse.inf from the META-INF folder of the
jar. That file contains one line:
#Processed using Jarprocessor
This is not sufficient for the JarProcessor. It adds:
pack200.conditioned = true
and then it recreates the jar file. Next, it attempts to run pack200 on
the file. Not surprisingly, that fails with:
Exception in thread "main" java.lang.SecurityException: SHA1 digest
error for META-INF/eclipse.inf
This seems like a bug to me. If the jar processor encounters a signed
jar file it has two options:
1. Leave the file alone.
2. Remove all signing information from the file when recreating it.
Altering a signed file while retaining the digests can *never* be the
right thing to do. If I provide a patch for this, what approach would
you consider correct? Should this be controlled by an option? My
personal opinion is that no option is needed and that the JarProcessor
do #1 in all cases. The pack step in particular needs to retain the
signing info.
- thomas