[jira] (MSHADE-147) Failure to shade without explanation when signature is invalid

Tue, 21 May 2013 13:50:20 -0700 

Jesse Glick created MSHADE-147:
----------------------------------

             Summary: Failure to shade without explanation when signature is 
invalid
                 Key: MSHADE-147
                 URL: https://jira.codehaus.org/browse/MSHADE-147
             Project: Maven 2.x Shade Plugin
          Issue Type: Bug
    Affects Versions: 2.0
         Environment: JDK 7u21, Linux, Maven 3.0.5
            Reporter: Jesse Glick
            Priority: Minor
         Attachments: stuff.zip

If there is a signature error in a shaded dependency, you can get a build error 
like this:

{code:none}
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal 
org.apache.maven.plugins:maven-shade-plugin:2.0:shade (shade) on project stuff: 
Error creating shaded jar: Invalid signature file digest for Manifest main 
attributes
        at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:217)
        at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
        at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
        at 
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
        at 
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
        at 
org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
        at 
org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
        at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
        at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
        at 
org.jvnet.hudson.maven3.launcher.Maven3Launcher.main(Maven3Launcher.java:79)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at 
org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:329)
        at 
org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:239)
        at org.jvnet.hudson.maven3.agent.Maven3Main.launch(Maven3Main.java:158)
        at hudson.maven.Maven3Builder.call(Maven3Builder.java:100)
        at hudson.maven.Maven3Builder.call(Maven3Builder.java:66)
        at hudson.remoting.UserRequest.perform(UserRequest.java:118)
        at hudson.remoting.UserRequest.perform(UserRequest.java:48)
        at hudson.remoting.Request$2.run(Request.java:326)
        at 
hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
        at java.util.concurrent.FutureTask.run(FutureTask.java:166)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:722)
Caused by: org.apache.maven.plugin.MojoExecutionException: Error creating 
shaded jar: Invalid signature file digest for Manifest main attributes
        at 
org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:551)
        at 
org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
        at 
org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
        ... 27 more
Caused by: java.lang.SecurityException: Invalid signature file digest for 
Manifest main attributes
        at 
sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:240)
        at 
sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
        at java.util.jar.JarVerifier.processEntry(JarVerifier.java:305)
        at java.util.jar.JarVerifier.update(JarVerifier.java:216)
        at java.util.jar.JarFile.initializeVerifier(JarFile.java:345)
        at java.util.jar.JarFile.getInputStream(JarFile.java:412)
        at 
org.apache.maven.plugins.shade.DefaultShader.shade(DefaultShader.java:134)
        at 
org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:484)
        ... 29 more
{code}

Apparently {{DefaultShader}} is using the {{JarFile}} constructor that enables 
signature verification. That may be correct, but if so it should catch 
{{SecurityException}} and report the problem more nicely, say with the name of 
the bad dependency, and perhaps with instructions on how to configure the 
plugin to ignore this dependency or override the signature check.

Attaching my test project, though I cannot consistently reproduce the problem 
with this. (Seems to file from inside Jenkins but not outside; not yet sure 
what the difference would be.)

MSHADE-90 is a bit related.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to