Posted to issues@maven.apache.org by "Neeme Praks (JIRA)" <ji...@codehaus.org> on 2014/05/29 09:38:10 UTC

[jira] (MSHADE-147) Failure to shade without explanation when signature is invalid

     [ https://jira.codehaus.org/browse/MSHADE-147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Neeme Praks updated MSHADE-147:
-------------------------------

    Attachment: patch.txt

Attached a patch to:
* print a nice error message when there is an error while reading JAR file contents (includes JAR entry path and JAR file path)
* add a "disableJarFileVerification" configuration option for DefaultShader -- when enabled, dependency JAR file verification is turned off

> Failure to shade without explanation when signature is invalid
> --------------------------------------------------------------
>
>                 Key: MSHADE-147
>                 URL: https://jira.codehaus.org/browse/MSHADE-147
>             Project: Maven Shade Plugin
>          Issue Type: Bug
>    Affects Versions: 2.0
>         Environment: JDK 7u21, Linux, Maven 3.0.5
>            Reporter: Jesse Glick
>            Priority: Minor
>         Attachments: patch.txt, stuff.zip
>
>
> If there is a signature error in a shaded dependency, you can get a build error like this:
> {code:none}
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:2.0:shade (shade) on project stuff: Error creating shaded jar: Invalid signature file digest for Manifest main attributes
> 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:217)
> 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
> 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
> 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
> 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
> 	at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
> 	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
> 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
> 	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
> 	at org.jvnet.hudson.maven3.launcher.Maven3Launcher.main(Maven3Launcher.java:79)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:601)
> 	at org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:329)
> 	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:239)
> 	at org.jvnet.hudson.maven3.agent.Maven3Main.launch(Maven3Main.java:158)
> 	at hudson.maven.Maven3Builder.call(Maven3Builder.java:100)
> 	at hudson.maven.Maven3Builder.call(Maven3Builder.java:66)
> 	at hudson.remoting.UserRequest.perform(UserRequest.java:118)
> 	at hudson.remoting.UserRequest.perform(UserRequest.java:48)
> 	at hudson.remoting.Request$2.run(Request.java:326)
> 	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
> 	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	at java.lang.Thread.run(Thread.java:722)
> Caused by: org.apache.maven.plugin.MojoExecutionException: Error creating shaded jar: Invalid signature file digest for Manifest main attributes
> 	at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:551)
> 	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
> 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
> 	... 27 more
> Caused by: java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
> 	at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:240)
> 	at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
> 	at java.util.jar.JarVerifier.processEntry(JarVerifier.java:305)
> 	at java.util.jar.JarVerifier.update(JarVerifier.java:216)
> 	at java.util.jar.JarFile.initializeVerifier(JarFile.java:345)
> 	at java.util.jar.JarFile.getInputStream(JarFile.java:412)
> 	at org.apache.maven.plugins.shade.DefaultShader.shade(DefaultShader.java:134)
> 	at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:484)
> 	... 29 more
> {code}
> Apparently {{DefaultShader}} is using the {{JarFile}} constructor that enables signature verification. That may be correct, but if so it should catch {{SecurityException}} and report the problem more nicely, say with the name of the bad dependency, and perhaps with instructions on how to configure the plugin to ignore this dependency or override the signature check.
> Attaching my test project, though I cannot consistently reproduce the problem with this. (Seems to fail from inside Jenkins but not outside; not yet sure what the difference would be.)
> MSHADE-90 is a bit related.



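The error reporting requested in this issue, sketched as an added example (this is not the attached patch.txt and not the plugin's own code): every entry of a dependency JAR is read with verification on, and a `SecurityException` is rethrown with the entry path and the JAR path in the message. The class `JarReadCheck`, the method `readAll` and the system property read in `main` are assumptions of this example; the boolean parameter borrows the option name from the comment above. JAR paths are passed as command-line arguments.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarReadCheck {

    /**
     * Reads every entry of the JAR so that per-entry digests are checked.
     * Returns the number of entries read; throws an IOException naming the
     * JAR and the entry when reading or signature verification fails.
     */
    static int readAll(File jar, boolean disableJarFileVerification) throws IOException {
        // The two-argument JarFile constructor lets the caller switch verification off.
        try (JarFile jarFile = new JarFile(jar, !disableJarFileVerification)) {
            int count = 0;
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> e = jarFile.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (entry.isDirectory()) {
                    continue;
                }
                try (InputStream in = jarFile.getInputStream(entry)) {
                    // Digest mismatches surface only once the stream is read to the end.
                    while (in.read(buf) != -1) { }
                } catch (SecurityException | IOException ex) {
                    throw new IOException("Error reading entry '" + entry.getName()
                            + "' in JAR " + jar.getAbsolutePath() + ": " + ex.getMessage(), ex);
                }
                count++;
            }
            return count;
        }
    }

    public static void main(String[] args) {
        // Hypothetical switch for this example only: -DdisableJarFileVerification=true
        boolean disable = Boolean.getBoolean("disableJarFileVerification");
        for (String path : args) {
            try {
                System.out.println(path + ": " + readAll(new File(path), disable) + " entries read");
            } catch (IOException ex) {
                System.err.println(ex.getMessage());
            }
        }
    }
}
```

With verification switched off, a signed dependency whose contents no longer match its signature is read without any error, so the flag trades that check for a build that completes.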