[
http://jira.codehaus.org/browse/MSHADE-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=189223#action_189223
]
Valerio Schiavoni commented on MSHADE-61:
-----------------------------------------
The issue doesn't seem to originate form the order of the attributes in the
manifest. Instead, one of the shaded dependecies's jar was signed. In
particular, the file ECLIPSE.RSA is stored in the META-INF/ directory of the
shaded jar.
> Custom manifes entries produce a SecurityException
> --------------------------------------------------
>
> Key: MSHADE-61
> URL: http://jira.codehaus.org/browse/MSHADE-61
> Project: Maven 2.x Shade Plugin
> Issue Type: Bug
> Affects Versions: 1.2.1
> Environment: mac osx, maven 2.2,java version "1.6.0_13"
> Java(TM) SE Runtime Environment (build 1.6.0_13-b03-211)
> Java HotSpot(TM) 64-Bit Server VM (build 11.3-b02-83, mixed mode)
>
> Reporter: Valerio Schiavoni
>
> Given the following configuration:
> <profile>
> <id>pack2</id>
> <build>
> <defaultGoal>package</defaultGoal>
> <plugins>
> <plugin>
>
> <groupId>org.apache.maven.plugins</groupId>
>
> <artifactId>maven-shade-plugin</artifactId>
> <executions>
> <execution>
> <phase>package</phase>
> <goals>
> <goal>shade</goal>
> </goals>
> <configuration>
>
> <shadedArtifactAttached>true</shadedArtifactAttached>
>
> <shadedClassifierName>jackofall</shadedClassifierName> <!-- Any name that
> makes sense -->
> <transformers>
>
> <transformer
> implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
> <transformer
> implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
>
> <manifestEntries>
> <Main-Class>org.ow2.frascati.factory.ManifestLauncher</Main-Class>
>
> <mainComposite>pomodoro</mainComposite>
>
> </manifestEntries>
> </transformer>
> </transformers>
> </configuration>
> </execution>
> </executions>
> </plugin>
> </plugins>
> </build>
> </profile>
> Once the jar is executed, I get this stacktrace:
> Exception in thread "main" java.lang.SecurityException: Invalid signature
> file digest for Manifest main attributes
> at
> sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:221)
> at
> sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:176)
> at java.util.jar.JarVerifier.processEntry(JarVerifier.java:277)
> at java.util.jar.JarVerifier.update(JarVerifier.java:188)
> at java.util.jar.JarFile.initializeVerifier(JarFile.java:321)
> at java.util.jar.JarFile.getInputStream(JarFile.java:386)
> at
> sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:689)
> at sun.misc.Resource.cachedInputStream(Resource.java:59)
> at sun.misc.Resource.getByteBuffer(Resource.java:154)
> at java.net.URLClassLoader.defineClass(URLClassLoader.java:249)
> at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:330)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:254)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:402)
> Maybe this is due to the fact that the custom manifest entry (mainComposite)
> is written in the middle of the manifest's main entries:
> Manifest-Version: 1.0
> Build-Jdk: 1.6.0_13
> Built-By: veleno
> mainComposite: pomodoro <<<<<<
> Created-By: Apache Maven
> Main-Class: org.ow2.frascati.factory.ManifestLauncher
> Archiver-Version: Plexus Archiver
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
