On 11/03/2025 13:41, Rainer Jung wrote:
On 11.03.25 at 14:31, Emmanuel Bourg wrote:
On 11/03/2025 13:09, Mark Thomas wrote:

It is JSign again.

If I switch back to JSign 6.0 the build starts working. Based on what we have seen previously, it looks like JSign is retaining a reference to the Uninstall.exe that it has just injected the signature into and that is preventing NSIS from copying the file.

Because Ant uses JSign in process, it is particularly susceptible to any issues with not closing files.

That's odd because the attach process runs in a try-with-resources block and the channel should be closed at the end [1]. I'll investigate.

Emmanuel Bourg

[1] https://github.com/ebourg/jsign/blob/7.1/jsign-core/src/main/java/net/jsign/SignerHelper.java#L438

In my case it happened when attaching a pre-existing signature to the file via JSign. I had not set up the infrastructure for a real signing. Also the pre-existing signature was not really the one from the file, so the result was expectedly invalid from a signing point of view.

Don't know whether it was the same for Mark. Just mentioning it, because that might be another code path in JSign.

I'm testing with the real signing service.

I have found an issue. The timestamp of the Uninstaller isn't reset after the signature is inserted so that breaks repeatable builds. I should be able to fix that fairly quickly.

Mark

