You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by "Wang, Simon" <Yu...@ebay.com> on 2012/10/17 03:38:56 UTC
mvn dependency:analyze failed:Invalid signature file digest for
Manifest main attributes
Hi,
I'm trying to analyze my dependencies, but encountered "Invalid signature file digest for Manifest main attributes" issue.
I know it should be caused by signed jar is changed.
But you know there are lot of dependency jars there. Is there a tool to identify which signed jar is changed?
Error log is here:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:
2.1:analyze (default-cli) on project XXX: Execution default-cli of goal org.apache.maven.plugins:maven-dependency-plugin:2.1:analyze failed: Invalid signature file digest for Manifest main attributes -> [Help 1]
Regards
Simon
RE: mvn dependency:analyze failed:Invalid signature file digest for
Manifest main attributes
Posted by "Wang, Simon" <Yu...@ebay.com>.
Yes, I did.
It should be caused by that signed jars are changed.
But my question is "whether there is a tool to identify which signed jars are changed?"
Regards
Simon
Here is stack trace:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:
2.1:analyze (default-cli) on project CoreAppFramework: Execution default-cli of
goal org.apache.maven.plugins:maven-dependency-plugin:2.1:analyze failed: Invali
d signature file digest for Manifest main attributes -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal o
rg.apache.maven.plugins:maven-dependency-plugin:2.1:analyze (default-cli) on pro
ject CoreAppFramework: Execution default-cli of goal org.apache.maven.plugins:ma
ven-dependency-plugin:2.1:analyze failed: Invalid signature file digest for Mani
fest main attributes
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor
.java:225)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor
.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor
.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProje
ct(LifecycleModuleBuilder.java:84)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProje
ct(LifecycleModuleBuilder.java:59)
at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBu
ild(LifecycleStarter.java:183)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(Lifecycl
eStarter.java:161)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:537)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:196)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Laun
cher.java:290)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.jav
a:230)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(La
uncher.java:409)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:
352)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execution default-c
li of goal org.apache.maven.plugins:maven-dependency-plugin:2.1:analyze failed:
Invalid signature file digest for Manifest main attributes
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(Default
BuildPluginManager.java:110)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor
.java:209)
... 19 more
Caused by: java.lang.SecurityException: Invalid signature file digest for Manife
st main attributes
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVeri
fier.java:241)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier
.java:196)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:266)
at java.util.jar.JarVerifier.update(JarVerifier.java:220)
at java.util.jar.JarInputStream.read(JarInputStream.java:193)
at java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:111)
at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:89)
at java.util.jar.JarInputStream.getNextEntry(JarInputStream.java:129)
at java.util.jar.JarInputStream.getNextJarEntry(JarInputStream.java:160)
at org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.acc
eptJar(ClassFileVisitorUtils.java:99)
at org.apache.maven.shared.dependency.analyzer.ClassFileVisitorUtils.acc
ept(ClassFileVisitorUtils.java:60)
at org.apache.maven.shared.dependency.analyzer.DefaultClassAnalyzer.anal
yze(DefaultClassAnalyzer.java:46)
at org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyA
nalyzer.buildArtifactClassMap(DefaultProjectDependencyAnalyzer.java:153)
at org.apache.maven.shared.dependency.analyzer.DefaultProjectDependencyA
nalyzer.analyze(DefaultProjectDependencyAnalyzer.java:72)
at org.apache.maven.plugin.dependency.AbstractAnalyzeMojo.checkDependenc
ies(AbstractAnalyzeMojo.java:168)
at org.apache.maven.plugin.dependency.AbstractAnalyzeMojo.execute(Abstra
ctAnalyzeMojo.java:152)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(Default
BuildPluginManager.java:101)
... 20 more
-----Original Message-----
From: Wayne Fay [mailto:waynefay@gmail.com]
Sent: 2012年10月17日 12:00
To: Maven Users List
Subject: Re: mvn dependency:analyze failed:Invalid signature file digest for Manifest main attributes
> But you know there are lot of dependency jars there. Is there a
> tool to identify which signed jar is changed?
Did you try adding -X for debug ouput?
Wayne
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: mvn dependency:analyze failed:Invalid signature file digest for
Manifest main attributes
Posted by Wayne Fay <wa...@gmail.com>.
> But you know there are lot of dependency jars there. Is there a tool to
> identify which signed jar is changed?
Did you try adding -X for debug ouput?
Wayne
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
RE: mvn dependency:analyze failed:Invalid signature file digest for
Manifest main attributes
Posted by "Wang, Simon" <Yu...@ebay.com>.
Yes, you're right, but there are lots of dependency jars.
Do you know whether there is a tool(maven plugin) to identify those signed changed jars?
Regards
Simon
-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: 2012年10月17日 10:41
To: users@maven.apache.org
Subject: RE: mvn dependency:analyze failed:Invalid signature file digest for Manifest main attributes
the manifest.mf contains a MD5-Digest which looks like
Manifest-Version: 1.0
Name: bibparse-1.04/META-INF/MANIFEST.MF
Digest-Algorithms: SHA MD5
SHA-Digest: +ZeuKiF1Qrq/ym6omfGMSD5tel0=
MD5-Digest: uK1nT2MOzIU5HgaZzmZgHg==where the digest contained in MD-5 does not conform to the actual generated MD5 *for the jar *
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> From: Yunfeng.Wang@ebay.com
> To: users@maven.apache.org
> Subject: mvn dependency:analyze failed:Invalid signature file digest for Manifest main attributes
> Date: Wed, 17 Oct 2012 01:38:56 +0000
>
> Hi,
> I'm trying to analyze my dependencies, but encountered "Invalid signature file digest for Manifest main attributes" issue.
> I know it should be caused by signed jar is changed.
> But you know there are lot of dependency jars there. Is there a tool to identify which signed jar is changed?
>
> Error log is here:
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:
> 2.1:analyze (default-cli) on project XXX: Execution default-cli of goal org.apache.maven.plugins:maven-dependency-plugin:2.1:analyze failed: Invalid signature file digest for Manifest main attributes -> [Help 1]
>
> Regards
> Simon
RE: mvn dependency:analyze failed:Invalid signature file digest for
Manifest main attributes
Posted by Martin Gainty <mg...@hotmail.com>.
the manifest.mf contains a MD5-Digest which looks like
Manifest-Version: 1.0
Name: bibparse-1.04/META-INF/MANIFEST.MF
Digest-Algorithms: SHA MD5
SHA-Digest: +ZeuKiF1Qrq/ym6omfGMSD5tel0=
MD5-Digest: uK1nT2MOzIU5HgaZzmZgHg==where the digest contained in MD-5 does not conform to the actual generated MD5 *for the jar *
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> From: Yunfeng.Wang@ebay.com
> To: users@maven.apache.org
> Subject: mvn dependency:analyze failed:Invalid signature file digest for Manifest main attributes
> Date: Wed, 17 Oct 2012 01:38:56 +0000
>
> Hi,
> I'm trying to analyze my dependencies, but encountered "Invalid signature file digest for Manifest main attributes" issue.
> I know it should be caused by signed jar is changed.
> But you know there are lot of dependency jars there. Is there a tool to identify which signed jar is changed?
>
> Error log is here:
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:
> 2.1:analyze (default-cli) on project XXX: Execution default-cli of goal org.apache.maven.plugins:maven-dependency-plugin:2.1:analyze failed: Invalid signature file digest for Manifest main attributes -> [Help 1]
>
> Regards
> Simon