[VOTE][CANCELLED] Release Apache Tomcat 9.0.47

2021-06-09 Thread Rémy Maucherat 
TLDR: Please review the packaging / signatures / whatever even though the
9.0.47 release is cancelled !

The proposed Apache Tomcat 9.0.47 release is now available for
voting.

The notable changes compared to 9.0.46 are:

- Improve robustness of HTTP/2 HPACK decoding

- Improvements to the handling of the Transfer-Encoding header

- Review code used to generate Java source from JSPs and tags and remove
   code found to be unnecessary.

- Backport the updated blocking NIO code and optimizations from Tomcat 10.0.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat-9.0.x/docs/changelog.html


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.47/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1314/
The tag is:
https://github.com/apache/tomcat/tree/9.0.47
e2febebd2fffc10764f70bdd7a3c879f571b3795

The proposed 9.0.47 release is:
[X] Broken - do not release

Broken due to an issue with the reflection code generator that did not get
updated after the NIO backport (one introspected class is now missing).
Unfortunately this part is not usually run so I never noticed it until I
did the release target.

Rémy

[tomcat] branch 9.0.x updated: Increment versions

2021-06-09 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new f5d6e24  Increment versions
f5d6e24 is described below

commit f5d6e248f027fb1f08fe3053a2c7f6a5e7066657
Author: remm 
AuthorDate: Wed Jun 9 09:14:21 2021 +0200

Increment versions
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 1394534..7838db8 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=9
 version.minor=0
-version.build=47
+version.build=48
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 4c63abf..d49a35e 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=9.0.47
+maven.asf.release.deploy.version=9.0.48
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a183965..0f8e742 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65367] New: p2 major

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65367

Bug ID: 65367
   Summary: p2 major
   Product: Tomcat 7
   Version: 7.0.81
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: WebSocket
  Assignee: dev@tomcat.apache.org
  Reporter: das...@dropjar.com
  Target Milestone: ---

https://sportskdslots777.com/";>sport kdslot
https://180.210.206.86/";>kds777
http://dash86.net";>dash poker

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Fix regression

2021-06-09 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 10afe25  Fix regression
10afe25 is described below

commit 10afe25b61a6330a000a5e5380a2e697d3f2ab3f
Author: remm 
AuthorDate: Wed Jun 9 09:19:02 2021 +0200

Fix regression

Fix error generating reflection due to removed NIO class in 9.0.47.
---
 .../util/xreflection/ObjectReflectionPropertyInspector.java   | 1 -
 webapps/docs/changelog.xml| 8 
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/tomcat/util/xreflection/ObjectReflectionPropertyInspector.java
 
b/java/org/apache/tomcat/util/xreflection/ObjectReflectionPropertyInspector.java
index f27a27f..514aeb4 100644
--- 
a/java/org/apache/tomcat/util/xreflection/ObjectReflectionPropertyInspector.java
+++ 
b/java/org/apache/tomcat/util/xreflection/ObjectReflectionPropertyInspector.java
@@ -105,7 +105,6 @@ public final class ObjectReflectionPropertyInspector {
 
Class.forName("org.apache.tomcat.util.net.AprEndpoint"),
 
Class.forName("org.apache.tomcat.util.net.Nio2Endpoint"),
 
Class.forName("org.apache.tomcat.util.net.NioEndpoint"),
-
Class.forName("org.apache.tomcat.util.net.NioSelectorPool"),
 
Class.forName("org.apache.tomcat.util.net.SocketProperties")
 )
 )
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0f8e742..9671b9e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+Regression when generating reflection due to removed NIO classes
+in 9.0.47. (remm)
+  
+
+  
 
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Add key

2021-06-09 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 4a19ff4  Add key
4a19ff4 is described below

commit 4a19ff47c5cfd690259ec4dfd89b03e8b801f306
Author: remm 
AuthorDate: Wed Jun 9 09:23:32 2021 +0200

Add key

Already on keyservers.
---
 KEYS | 60 
 1 file changed, 60 insertions(+)

diff --git a/KEYS b/KEYS
index b77087b..14fee51 100644
--- a/KEYS
+++ b/KEYS
@@ -674,3 +674,63 @@ 
C6Wc1owhZdi9ysx7mshgK4gu7JIAk8ryyN9XbyNjIM6M9aMYxTwECnLQPI8sTALg
 mSKqKZpUdvO77XQVYsjBAu3aMluPBNo=
 =uK1p
 -END PGP PUBLIC KEY BLOCK-
+
+pub   rsa4096 2019-05-05 [SC]
+  48F8 E69F 6390 C9F2 5CFE  DCD2 6824 8959 359E 722B
+uid   [ultimate] Remy Maucherat 
+sig 368248959359E722B 2019-05-05  Remy Maucherat 
+sub   rsa4096 2019-05-05 [E]
+sig  68248959359E722B 2019-05-05  Remy Maucherat 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+
+mQINBFzO4ecBEACVS86VyuTSJmLmApi92R6D3/L3EIBFXhagJbrLkodkTuG9efYo
+vM1DJPWEFs5kux8a8UPwn2gbQFPJg1AH77GqjP8gtn0KHQvXgYC9+7cTqDl6C7k9
+n3BkB9bRIhHileYyIJfnycjJdrGFEmwGu0pBOEdr01R0kFprqYu9DwcD6oUvmZRn
+OMoQQeLEC0cw/VzJ/ZqzJwO0t+rMCozqJ9/BfJZUqwijDZnJAZWnIVxjqxrUgyYA
+5/0g9X8YHrIz09XuzaE64VAl0q3nrFJWvDCwE/ZM7w8jlUqtQgLu4K2U82G0YXw3
+KJ1EbigEmtEohu6HVnAToCJuOnQ8m0rZxbyNMeYF9pyohdFEca4I0B8Evy2dYFnJ
+Y2gghuU80vct54536WWz9mAjKwBFQUtxX0EjYrYN9ckzCK6fRqrnVv0USVp7N/ZY
+PQkOEJSdmRdpvTMwfCuAyT0/3cxuC7NyAWiZDXJv7OVcDr/REfWAA7XMQOErwdGJ
+gViG58YhLw0Pgdumg+prqQXowzlRzGAsV5VntCh+4LV8/ESmvWAE3V+jgZFB3cSp
+g58NKjp1EwKwX6BCICyX+Oe03cnlC0UJ7S9FccrjNrkiwxxOVAnmy4kxX/P3Cuqc
+C/b6BeeUA1hBNWNe42mr6YczS+dhpCSUVWQJp/TxdoXA2fGG1OS1FMaICwARAQAB
+tCBSZW15IE1hdWNoZXJhdCA8cmVtbUBhcGFjaGUub3JnPokCOAQTAQIAIgUCXM7h
+5wIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQaCSJWTWecisVSA/9Eh3h
+0jeyy51rA1nqq9imbH0YC85A/wZjhb06UXwWBPozJR8UJsOJZ7kBzCW4gfkC9zTD
+GStSHHAej9o96FHVRLzCyjaaZVuRUl2qCz9U+pnGMxb5aRNVAQ/wE10hHu3Yc+48
+cc0sPCCPMdshAj1VOHczTU/LSv21TWBaKO3NMV9KilPzKvXHdPFYssVcUt2NgQLm
+2Bx/ELTCVj5c9Ih2cz3T7kxf8LKsGALIfjcp8g9DlvMjVLKBFZqU94C4V0mba2Fd
+6xHpdmcgMbSNo6poQ0M0O7CN5qVJFm/v4ZDooLNWRMeL66oen3LrZ8HRpPxfic77
+JLKn60dywuYU8WYp7cV+3AnaDn/ggvC1x79LSmX4PFyG9/F5M7gp0HFrVdyc0nBo
+UTejZXehwKrfvF/isPf7pUv2fGXwg07zTz8OMLQo4h9poB5YuuinjuxjBfmc2AvB
+WbRcKNvHXHUlaVeK+VvohfPuetJESS4YB7fLMQPdGIckDFQub4SvXPNPPToLsbDB
+2GGguqhwWD9ECa2o1RqX8LnCdB71uBcyiW8UIkLxwaygsciVm7SFz+pqAKJgzWwI
+AsVYVOIKdq0GWaLDtMGJGQFfxuMVmMGGbvueAMcOCSSsGemkElan33VS8Zu1sjeY
+P0Jt4ws6gcbUHI27l5Pvk06uWzaN8uyXGA03d4y5Ag0EXM7h5wEQALG3oikRAQqf
+um+wW6oW2d1mIk0PtnC3l3/kGTA92kIqJzQ3Ua0mFaVGxdg2J/I1MF7HdlZJbGyP
+5b0PdbSjLHFbQfFD6LHsLw9StVrkjbBKYaP0gRWxEIHMN4Qv01I2Lyc9ONlMjUIf
+xNK/AG6oT/Ia53VVET78HOj01L7JjBAPuW8UPoy27s2gQ02smbA7iRUeZ3dpN2fy
+027aKbimIl1ZrxJbcbxw29PXWJZP+CxJEnqwEw78QbqSsFMAhR9wZHTfEtUzYy6h
+hyngwYQ+iBnB+1cYTEB9KbWWpP5n12iuRin77r2RwrHYAW/RUILK2rOJqPcIg6CX
+P1o9UKPeN5QE/ScU5427XKZZscaQrvBPoN3G2RWmMuHM2cchXgRRMMaSvufocLjj
+gKj/aPUDCkvJ5MyTNtMfVDx0Tw3aQpf2Fr1L1Hu2GyBqifioZGdzLL0LtdeXzkJy
+nZGj/L5jzIlNBnQG97rgCuPflbIl2S1izNexnuX2Z1dcyS2MTrj3nnK6HoW+gvCc
+oqq01S410wxaAUidJeGwLzgUa9Ig+6BVPT7sZrbc0IoNP+JdoqPxiEkqy4Msy9WJ
+RVeJM520Q2T1YM7xm/4E8C7H+Fis5u4GNswk5qsXEOyLcHBzGEik3BDylp+sJ6/F
+DuAN7k64RV2m+lKpjngiKZxo9LmqnsWTABEBAAGJAh8EGAECAAkFAlzO4ecCGwwA
+CgkQaCSJWTWecishvg//ZDuhkbSUgIIjG9Rzq3cHNxZ4sFrUwL19AtGNktiwt0QA
+GCKPnf4SdHZGKSeOqUHeDT/l/5l4Xc/JgRk/t2bEeC3cHE/Xc5V6I2n28HQiJScX
+UJdnO3QdTCMEYVedu/9JhmA37eznQhm+UAcxT9tew3nSd0KkkMQyW6YpBEgcdsFd
+aLiFPzbySjRWplyCdELPRFtW2ZHnJ5gVGYZ060EOHcdPb/4Gz/mA6dIjQ5N+vKlA
+GNdYZgv3w4NRGLmni5T7jDAY6T2CJXxvcgfYfh3oY3aiZaWzKKQyLEVaoZ6dJbsm
+mi2if7MZ/SVCMdM3MXiRpCeyyw9MTylGzgwbDYSz2ZkGvy9k+1M75q5QEfvVM8R3
+guaBJR+e4fkfsRBUAqwmHy8TrXghf5eOCsJx/9yyRXvK4tnwSBUIzFa1q0POESul
+jFWYFkvRjKIYfFWS6cY37sPNLvEQQmP2O07ttaYfIXcMcVF+HsDBUftGRWIkkPn2
+LucW7f0Lqlbv/mlJpqByz522jmJRNFLVQh87LYz91FgsLAgDkPpi8mzRrEfb2nHD
++PIKpoO499AKQ8hETMbfzmpJUIV2Bhd7OqKDSf+yHiYSje9evofP+4lDUx3u7tQ3
+4OUzLqBRVrhFDI9keHnhOFMJSrnrpXe7Cm9JujvTX/hy2iOpTOuflj0Djsc8dnQ=
+=l4Ry
+-END PGP PUBLIC KEY BLOCK-
+
+

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65340] Hpack decode NegativeArraySizeException: -1

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65340

--- Comment #14 from Thomas  ---
I think they are not the same issue. The issue you mentioned above is also
submitted by me. The same time, I had submitted the same one in tomcat as
follow:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65350

Please help address it!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65350] The index ID of the request header that Jetty sent to Tomcat was not found in the index table on the Tomcat side

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65350

--- Comment #4 from Thomas  ---
The same issue was submitted in jetty, please help address it.
https://github.com/eclipse/jetty.project/issues/6341

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65368] New: enhance error message "Unable to unwrap data, invalid status [CLOSED]"

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65368

Bug ID: 65368
   Summary: enhance error message "Unable to unwrap data, invalid
status [CLOSED]"
   Product: Tomcat 9
   Version: 9.0.37
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: hau...@acm.org
  Target Milestone: -

on a form post, I am seeing 

Caused by: java.io.IOException: Unable to unwrap data, invalid status [CLOSED]
at
org.apache.tomcat.util.net.SecureNioChannel.read(SecureNioChannel.java:657)
at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1231)
at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1158)
at
org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:736)
at
org.apache.coyote.http11.Http11InputBuffer.access$300(Http11InputBuffer.java:42)
at
org.apache.coyote.http11.Http11InputBuffer$SocketInputBuffer.doRead(Http11InputBuffer.java:1099)
at
org.apache.coyote.http11.filters.IdentityInputFilter.doRead(IdentityInputFilter.java:102)
at
org.apache.coyote.http11.Http11InputBuffer.doRead(Http11InputBuffer.java:247)
at org.apache.coyote.Request.doRead(Request.java:551)
at
org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:336)


It turns out that post body was empty, i.e. of 0 bytes length.
So it is probably not really a decryption problem, but simply no data received.

Please add the number of bytes "read" (0 in my case) and "netread" (53 in my
case) to the error message on line 657 to ease the search of the cause (which
in my case was rather on the client side)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64762] CoyoteInputStream getInputStream() read (wait after premature end and the rest comes)

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64762

--- Comment #13 from Ralf Hauser  ---
Got lots of inputstream truncation problems with SAML-Tickets and SOAP-UI
lately (pausing didn't help anymore).

Saw
http://mail-archives.apache.org/mod_mbox/tomcat-users/202003.mbox/%3ccamomwmonvujg2qyewfsyr34ogn5mbbybx-wyw4kcd_jsy7t...@mail.gmail.com%3E

Upgraded to 9.0.43 and the all problems seem to be gone!

(Strange that debian still advertizes v9.0.31 as "good" for the "stable"
release ?!?)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE][CANCELLED] Release Apache Tomcat 9.0.47

2021-06-09 Thread Mark Thomas 

On 09/06/2021 08:09, Rémy Maucherat wrote:

TLDR: Please review the packaging / signatures / whatever even though the
9.0.47 release is cancelled !


I can't start Tomcat on Java 8. Lots of:

09-Jun-2021 11:12:46.489 SEVERE [http-nio-8080-Acceptor] 
org.apache.tomcat.util.net.NioEndpoint.setSocketOptions Error setting 
socket options
	java.lang.NoSuchMethodError: 
java.nio.ByteBuffer.clear()Ljava/nio/ByteBuffer;
		at 
org.apache.tomcat.util.net.SocketBufferHandler.reset(SocketBufferHandler.java:213)

at 
org.apache.tomcat.util.net.NioChannel.reset(NioChannel.java:59)
		at 
org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:488)
		at 
org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:79)

at org.apache.tomcat.util.net.Acceptor.run(Acceptor.java:126)
at java.lang.Thread.run(Thread.java:748)


It appears the release was built with Java 11. That won't work. It needs 
to be built with Java 8. Well, strictly, it needs to be compiled with 
Java 8.


I also noticed that the Tomcat Installer for Windows was not signed. I 
think you said you were building on Linux. I haven't tested the Windows 
exe signing working on Linux but the docs suggest it is possible. 
Investigating this has been on my TODO list for a while. I'll take a look.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE][CANCELLED] Release Apache Tomcat 9.0.47

2021-06-09 Thread Rémy Maucherat 
On Wed, Jun 9, 2021 at 12:20 PM Mark Thomas  wrote:

> On 09/06/2021 08:09, Rémy Maucherat wrote:
> > TLDR: Please review the packaging / signatures / whatever even though the
> > 9.0.47 release is cancelled !
>
> I can't start Tomcat on Java 8. Lots of:
>
> 09-Jun-2021 11:12:46.489 SEVERE [http-nio-8080-Acceptor]
> org.apache.tomcat.util.net.NioEndpoint.setSocketOptions Error setting
> socket options
> java.lang.NoSuchMethodError:
> java.nio.ByteBuffer.clear()Ljava/nio/ByteBuffer;
> at
> org.apache.tomcat.util.net
> .SocketBufferHandler.reset(SocketBufferHandler.java:213)
> at org.apache.tomcat.util.net
> .NioChannel.reset(NioChannel.java:59)
> at
> org.apache.tomcat.util.net
> .NioEndpoint.setSocketOptions(NioEndpoint.java:488)
> at
> org.apache.tomcat.util.net
> .NioEndpoint.setSocketOptions(NioEndpoint.java:79)
> at org.apache.tomcat.util.net
> .Acceptor.run(Acceptor.java:126)
> at java.lang.Thread.run(Thread.java:748)
>
>
> It appears the release was built with Java 11. That won't work. It needs
> to be built with Java 8. Well, strictly, it needs to be compiled with
> Java 8.
>

Oops. That's easy to fix thankfully. The JVM default changed not that long
ago to Java 11 on my Linux, that makes the compile step error prone.

>
> I also noticed that the Tomcat Installer for Windows was not signed. I
> think you said you were building on Linux. I haven't tested the Windows
> exe signing working on Linux but the docs suggest it is possible.
> Investigating this has been on my TODO list for a while. I'll take a look.
>

I'll continue trying but the smctl tool (even the Linux version) doesn't
display the certificate.

Rémy


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[Bug 65350] The index ID of the request header that Jetty sent to Tomcat was not found in the index table on the Tomcat side

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65350

--- Comment #5 from Joakim Erdfelt  ---
(In reply to Christopher Schultz from comment #2)
> I can't seem to find the reference to it, now, but I thought the reporter
> said that a header line (or name?) with > 1024 characters seems to trigger
> this. I'll keep searching for that reference.

I think you are referring to
https://bz.apache.org/bugzilla/show_bug.cgi?id=65340

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 9f391c9  Integrate JSign for cross-platform builds with signed Windows 
binaries
9f391c9 is described below

commit 9f391c998ee9adbc22acce2bbabbc2c6b8fc4172
Author: Mark Thomas 
AuthorDate: Wed Jun 9 17:36:25 2021 +0100

Integrate JSign for cross-platform builds with signed Windows binaries

Big thanks due to ebourg
---
 build.properties.default | 18 +--
 build.xml| 59 ++--
 2 files changed, 53 insertions(+), 24 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 7572888..8cc72bb 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -77,9 +77,11 @@ org.apache.tomcat.util.net.NioSelectorShared=true
 gpg.exec=/path/to/gpg
 
 # Code signing of Windows installer
+# See https://infra.apache.org/digicert-use.html for setup instructions
 do.codesigning=false
-codesigning.exec=signtool.exe
-codesigning.certificate.thumbprint=5a606116432aba614c246d15e792f9e4bcf19cbf
+codesigning.pkcs11properties=${user.home}/.digicertone/pkcs11properties.cfg
+codesigning.alias=Tomcat-PMC-key-2021-04
+codesigning.digest=SHA-512
 
 # - Settings to use when downloading files -
 trydownload.httpusecaches=true
@@ -323,3 +325,15 @@ 
migration-lib.checksum.value=cecc0fa3b5947dd52465ed395ba3f23f|19a3e36dec08bbc60a
 migration-lib.home=${base.path}/migration-${migration-lib.version}
 
migration-lib.jar=${migration-lib.home}/jakartaee-migration-${migration-lib.version}-shaded.jar
 
migration-lib.loc=${base-maven.loc}/org/apache/tomcat/jakartaee-migration/${migration-lib.version}/jakartaee-migration-${migration-lib.version}-shaded.jar
+
+# - JSign, version 3.1 or later -
+jsign.version=3.1
+
+# checksums for JSign 3.1
+jsign.checksum.enable=true
+jsign.checksum.algorithm=MD5|SHA-1
+jsign.checksum.value=ed924fc86b7abe1dfe22fd8fd7e4c417|5736035f64805b2760a41ebc1ff11523f666f2c7
+
+jsign.home=${base.path}/jsign-${jsign.version}
+jsign.jar=${jsign.home}/jsign-${jsign.version}.jar
+jsign.loc=${base-maven.loc}/net/jsign/jsign/${jsign.version}/jsign-${jsign.version}.jar
diff --git a/build.xml b/build.xml
index 993f31f..77f9083 100644
--- a/build.xml
+++ b/build.xml
@@ -2622,18 +2622,15 @@ skip.installer property in build.properties" />
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+http://timestamp.digicert.com"/>
   
 
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+  depends="-installer,setup-jsign" if="${do.codesigning}" >
+http://timestamp.digicert.com"/>
 
 
 
@@ -3717,6 +3711,27 @@ Read the Building page on the Apache Tomcat 
documentation site for details on ho
 
   
 
+  
+
+
+  
+  
+  
+  
+  
+  
+
+  
+
+  
+
+
+  
+
+
+
+  
+
   
 
 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch main updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread Mark Thomas 

On 09/06/2021 17:36, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 9f391c9  Integrate JSign for cross-platform builds with signed 
Windows binaries
9f391c9 is described below

commit 9f391c998ee9adbc22acce2bbabbc2c6b8fc4172
Author: Mark Thomas 
AuthorDate: Wed Jun 9 17:36:25 2021 +0100

 Integrate JSign for cross-platform builds with signed Windows binaries


The signing works on Linux. I'm just testing it on Windows before 
back-porting.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging 10.1.x, 10.0.x, 9.0.x and 8.5.x

2021-06-09 Thread Christopher Schultz 

Mark,

On 6/4/21 13:09, Mark Thomas wrote:

Hi all,

It looks like the mirrors are going to need a little more time for 
1.2.30 to replicate before I can update the release branches to use the 
new release. I also still have a few odds and ends I want to finish off 
before tagging so it is looking like the tags will happen on Monday 7th 
June.


Chris, how are you getting on with getting set up to release 8.5.x? Can 
I help at all?


Let me see what I can accomplish today.

Thanks,
-chris


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: Update change log

2021-06-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new ba2d0b1  Update change log
ba2d0b1 is described below

commit ba2d0b1af8f896e549168ff55c01a24214e03528
Author: Mark Thomas 
AuthorDate: Wed Jun 9 18:08:43 2021 +0100

Update change log
---
 webapps/docs/changelog.xml | 8 
 1 file changed, 8 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 809d65e3..229b7e7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+Use JSign to integrate the build script with the code signing service 
to
+enable release builds to be created on Linux as well as Windows. 
(markt)
+  
+
+  
 
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 10.0.x updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new b476480  Integrate JSign for cross-platform builds with signed Windows 
binaries
b476480 is described below

commit b476480c5018543958548c6e03e1d557a0b25619
Author: Mark Thomas 
AuthorDate: Wed Jun 9 17:36:25 2021 +0100

Integrate JSign for cross-platform builds with signed Windows binaries

Big thanks due to ebourg
---
 build.properties.default   | 18 --
 build.xml  | 59 +-
 webapps/docs/changelog.xml |  8 +++
 3 files changed, 61 insertions(+), 24 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 1d7309a..ff3372f 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -77,9 +77,11 @@ org.apache.tomcat.util.net.NioSelectorShared=true
 gpg.exec=/path/to/gpg
 
 # Code signing of Windows installer
+# See https://infra.apache.org/digicert-use.html for setup instructions
 do.codesigning=false
-codesigning.exec=signtool.exe
-codesigning.certificate.thumbprint=5a606116432aba614c246d15e792f9e4bcf19cbf
+codesigning.pkcs11properties=${user.home}/.digicertone/pkcs11properties.cfg
+codesigning.alias=Tomcat-PMC-key-2021-04
+codesigning.digest=SHA-512
 
 # - Settings to use when downloading files -
 trydownload.httpusecaches=true
@@ -323,3 +325,15 @@ 
migration-lib.checksum.value=cecc0fa3b5947dd52465ed395ba3f23f|19a3e36dec08bbc60a
 migration-lib.home=${base.path}/migration-${migration-lib.version}
 
migration-lib.jar=${migration-lib.home}/jakartaee-migration-${migration-lib.version}-shaded.jar
 
migration-lib.loc=${base-maven.loc}/org/apache/tomcat/jakartaee-migration/${migration-lib.version}/jakartaee-migration-${migration-lib.version}-shaded.jar
+
+# - JSign, version 3.1 or later -
+jsign.version=3.1
+
+# checksums for JSign 3.1
+jsign.checksum.enable=true
+jsign.checksum.algorithm=MD5|SHA-1
+jsign.checksum.value=ed924fc86b7abe1dfe22fd8fd7e4c417|5736035f64805b2760a41ebc1ff11523f666f2c7
+
+jsign.home=${base.path}/jsign-${jsign.version}
+jsign.jar=${jsign.home}/jsign-${jsign.version}.jar
+jsign.loc=${base-maven.loc}/net/jsign/jsign/${jsign.version}/jsign-${jsign.version}.jar
diff --git a/build.xml b/build.xml
index 678568d..0edfa2c 100644
--- a/build.xml
+++ b/build.xml
@@ -2622,18 +2622,15 @@ skip.installer property in build.properties" />
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+http://timestamp.digicert.com"/>
   
 
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+  depends="-installer,setup-jsign" if="${do.codesigning}" >
+http://timestamp.digicert.com"/>
 
 
 
@@ -3717,6 +3711,27 @@ Read the Building page on the Apache Tomcat 
documentation site for details on ho
 
   
 
+  
+
+
+  
+  
+  
+  
+  
+  
+
+  
+
+  
+
+
+  
+
+
+
+  
+
   
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7ad4315..389d08a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
   issues do not "pop up" wrt. others).
 -->
 
+  
+
+  
+Use JSign to integrate the build script with the code signing service 
to
+enable release builds to be created on Linux as well as Windows. 
(markt)
+  
+
+  
 
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new f2091bf  Integrate JSign for cross-platform builds with signed Windows 
binaries
f2091bf is described below

commit f2091bf8b027fefb4a82f26cdba6a806d19301e3
Author: Mark Thomas 
AuthorDate: Wed Jun 9 17:36:25 2021 +0100

Integrate JSign for cross-platform builds with signed Windows binaries

Big thanks due to ebourg
---
 build.properties.default   | 18 --
 build.xml  | 59 +-
 webapps/docs/changelog.xml |  8 +++
 3 files changed, 61 insertions(+), 24 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 7838db8..2667fdf 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -77,9 +77,11 @@ org.apache.tomcat.util.net.NioSelectorShared=true
 gpg.exec=/path/to/gpg
 
 # Code signing of Windows installer
+# See https://infra.apache.org/digicert-use.html for setup instructions
 do.codesigning=false
-codesigning.exec=signtool.exe
-codesigning.certificate.thumbprint=5a606116432aba614c246d15e792f9e4bcf19cbf
+codesigning.pkcs11properties=${user.home}/.digicertone/pkcs11properties.cfg
+codesigning.alias=Tomcat-PMC-key-2021-04
+codesigning.digest=SHA-512
 
 # - Settings to use when downloading files -
 trydownload.httpusecaches=true
@@ -311,3 +313,15 @@ 
osgi-annotations.checksum.value=153054f987534244f95a399539b11375|b6e802bceba0682
 osgi-annotations.home=${base.path}/osgi-annotations-${osgi-annotations.version}
 
osgi-annotations.jar=${osgi-annotations.home}/org.osgi.annotation.bundle-${osgi-annotations.version}.jar
 
osgi-annotations.loc=${base-maven.loc}/org/osgi/org.osgi.annotation.bundle/${osgi-annotations.version}/org.osgi.annotation.bundle-${osgi-annotations.version}.jar
+
+# - JSign, version 3.1 or later -
+jsign.version=3.1
+
+# checksums for JSign 3.1
+jsign.checksum.enable=true
+jsign.checksum.algorithm=MD5|SHA-1
+jsign.checksum.value=ed924fc86b7abe1dfe22fd8fd7e4c417|5736035f64805b2760a41ebc1ff11523f666f2c7
+
+jsign.home=${base.path}/jsign-${jsign.version}
+jsign.jar=${jsign.home}/jsign-${jsign.version}.jar
+jsign.loc=${base-maven.loc}/net/jsign/jsign/${jsign.version}/jsign-${jsign.version}.jar
diff --git a/build.xml b/build.xml
index d1eb1c2..32c59ef 100644
--- a/build.xml
+++ b/build.xml
@@ -2604,18 +2604,15 @@ skip.installer property in build.properties" />
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+http://timestamp.digicert.com"/>
   
 
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+  depends="-installer,setup-jsign" if="${do.codesigning}" >
+http://timestamp.digicert.com"/>
 
 
 
@@ -3689,6 +3683,27 @@ Read the Building page on the Apache Tomcat 
documentation site for details on ho
 
   
 
+  
+
+
+  
+  
+  
+  
+  
+  
+
+  
+
+  
+
+
+  
+
+
+
+  
+
   
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9671b9e..745ed84 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
   
 
   
+  
+
+  
+Use JSign to integrate the build script with the code signing service 
to
+enable release builds to be created on Linux as well as Windows. 
(markt)
+  
+
+  
 
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 4826a29  Integrate JSign for cross-platform builds with signed Windows 
binaries
4826a29 is described below

commit 4826a2958c353d0e67fd95836daebd3ce1580966
Author: Mark Thomas 
AuthorDate: Wed Jun 9 17:36:25 2021 +0100

Integrate JSign for cross-platform builds with signed Windows binaries

Big thanks due to ebourg
---
 build.properties.default   | 18 --
 build.xml  | 59 +-
 webapps/docs/changelog.xml |  4 
 3 files changed, 57 insertions(+), 24 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 53ad4e3..a549ff2 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -76,9 +76,11 @@ org.apache.tomcat.util.net.NioSelectorShared=true
 gpg.exec=/path/to/gpg
 
 # Code signing of Windows installer
+# See https://infra.apache.org/digicert-use.html for setup instructions
 do.codesigning=false
-codesigning.exec=signtool.exe
-codesigning.certificate.thumbprint=5a606116432aba614c246d15e792f9e4bcf19cbf
+codesigning.pkcs11properties=${user.home}/.digicertone/pkcs11properties.cfg
+codesigning.alias=Tomcat-PMC-key-2021-04
+codesigning.digest=SHA-512
 
 # - Settings to use when downloading files -
 trydownload.httpusecaches=true
@@ -291,3 +293,15 @@ 
findbugs.checksum.value=8c54502a8e1b78ea6b173a186ce6f379|95114d9aaeeba7bd4ea5a3d
 findbugs.home=${base.path}/spotbugs-${findbugs.version}
 findbugs.jar=${findbugs.home}/lib/spotbugs-ant.jar
 
findbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${findbugs.version}/spotbugs-${findbugs.version}.tgz
+
+# - JSign, version 3.1 or later -
+jsign.version=3.1
+
+# checksums for JSign 3.1
+jsign.checksum.enable=true
+jsign.checksum.algorithm=MD5|SHA-1
+jsign.checksum.value=ed924fc86b7abe1dfe22fd8fd7e4c417|5736035f64805b2760a41ebc1ff11523f666f2c7
+
+jsign.home=${base.path}/jsign-${jsign.version}
+jsign.jar=${jsign.home}/jsign-${jsign.version}.jar
+jsign.loc=${base-maven.loc}/net/jsign/jsign/${jsign.version}/jsign-${jsign.version}.jar
diff --git a/build.xml b/build.xml
index 0ad4be1..777081a 100644
--- a/build.xml
+++ b/build.xml
@@ -2285,18 +2285,15 @@ skip.installer property in build.properties" />
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+http://timestamp.digicert.com"/>
   
 
   
 
   
-
-  
-  
-  
-  
-  
-  
-  http://timestamp.digicert.com"/>
-  
-
+  depends="-installer,setup-jsign" if="${do.codesigning}" >
+http://timestamp.digicert.com"/>
 
 
 
@@ -3351,6 +3345,27 @@ Read the Building page on the Apache Tomcat 
documentation site for details on ho
 
   
 
+  
+
+
+  
+  
+  
+  
+  
+  
+
+  
+
+  
+
+
+  
+
+
+
+  
+
   
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c338159..fde4dd6 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -284,6 +284,10 @@
 Update the packaged version of the Tomcat Native Library to 1.2.30. 
Also
 update the minimum recommended version to 1.2.30. (markt)
   
+  
+Use JSign to integrate the build script with the code signing service 
to
+enable release builds to be created on Linux as well as Windows. 
(markt)
+  
 
   
 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging 10.1.x, 10.0.x, 9.0.x and 8.5.x

2021-06-09 Thread Mark Thomas 

On 09/06/2021 17:58, Christopher Schultz wrote:

Mark,

On 6/4/21 13:09, Mark Thomas wrote:

Hi all,

It looks like the mirrors are going to need a little more time for 
1.2.30 to replicate before I can update the release branches to use 
the new release. I also still have a few odds and ends I want to 
finish off before tagging so it is looking like the tags will happen 
on Monday 7th June.


Chris, how are you getting on with getting set up to release 8.5.x? 
Can I help at all?


Let me see what I can accomplish today.


Great. I've just committed a change that will let you build a release on 
Linux or Windows.


The setup steps are rather involved. See:
https://infra.apache.org/digicert-use.html

Ping me on the #tomcat slack channel if you need any help.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65368] enhance error message "Unable to unwrap data, invalid status [CLOSED]"

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65368

--- Comment #1 from Mark Thomas  ---
Reading a zero length POST shouldn't trigger an exception. I'll see if I can
re-create this. Was this with OpenSSL or JSSE?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-8.5.x

2021-06-09 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-8.5.x while building 
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-8.5.x/builds/24

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8.5-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 4826a2958c353d0e67fd95836daebd3ce1580966
Blamelist: Mark Thomas 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: buildbot failure in on tomcat-8.5.x

2021-06-09 Thread Mark Thomas 

On 09/06/2021 19:10, build...@apache.org wrote:

The Buildbot has detected a new failure on builder tomcat-8.5.x while building 
tomcat. Full details are available at:
 https://ci.apache.org/builders/tomcat-8.5.x/builds/24

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8.5-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 4826a2958c353d0e67fd95836daebd3ce1580966
Blamelist: Mark Thomas 

BUILD FAILED: failed compile


Drat. JSign requires Java 8. That is going to need to some work to get 
working for 8.5.x


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65368] enhance error message "Unable to unwrap data, invalid status [CLOSED]"

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65368

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |NEEDINFO

--- Comment #2 from Mark Thomas  ---
I'm unable to repeat this with a simple test servlet and zero length POST. I'm
using openssl s_client.

The stack trace suggests the connection has been closed so this may not be
(directly) related to the length of the POST.

Can you provide a simple test case to reproduce this please.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch main updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread Rémy Maucherat 
On Wed, Jun 9, 2021 at 6:40 PM Mark Thomas  wrote:

> On 09/06/2021 17:36, ma...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > markt pushed a commit to branch main
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/main by this push:
> >   new 9f391c9  Integrate JSign for cross-platform builds with signed
> Windows binaries
> > 9f391c9 is described below
> >
> > commit 9f391c998ee9adbc22acce2bbabbc2c6b8fc4172
> > Author: Mark Thomas 
> > AuthorDate: Wed Jun 9 17:36:25 2021 +0100
> >
> >  Integrate JSign for cross-platform builds with signed Windows
> binaries
>
> The signing works on Linux. I'm just testing it on Windows before
> back-porting.
>

-installer-sign-uninstaller:
[jsign] Adding Authenticode signature to
/home/remm/Work/releases/tomcat-9.0.47/output/dist/Uninstall.exe

BUILD FAILED
/home/remm/Work/releases/tomcat-9.0.47/build.xml:2615: Couldn't sign
/home/remm/Work/releases/tomcat-9.0.47/output/dist/Uninstall.exe

With the command line and after getting a real standalone JVM, I'm still
getting:
[remm@omni releases]$ java -jar libs/jsign-3.1/jsign-3.1.jar --keystore
~/.digicertone/pkcs11properties.cfg --storepass NONE --storetype PKCS11
--alias "Tomcat-PMC-key-2021-04" --alg SHA-512 --tsaurl
http://timestamp.digicert.com tomcat-9.0.47/output/dist/Uninstall.exe
Adding Authenticode signature to tomcat-9.0.47/output/dist/Uninstall.exe
jsign: Couldn't sign tomcat-9.0.47/output/dist/Uninstall.exe
java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_FAILED
at
jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:685)
at
java.base/java.security.Signature$Delegate.engineSign(Signature.java:1404)
at java.base/java.security.Signature.sign(Signature.java:713)
at
net.jsign.bouncycastle.operator.jcajce.JcaContentSignerBuilder$1.getSignature(Unknown
Source)
at net.jsign.bouncycastle.cms.SignerInfoGenerator.generate(Unknown Source)
at net.jsign.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown
Source)
at net.jsign.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown
Source)
at
net.jsign.asn1.authenticode.AuthenticodeSignedDataGenerator.generate(AuthenticodeSignedDataGenerator.java:50)
at
net.jsign.AuthenticodeSigner.createSignedData(AuthenticodeSigner.java:368)
at net.jsign.AuthenticodeSigner.sign(AuthenticodeSigner.java:339)
at net.jsign.SignerHelper.sign(SignerHelper.java:424)
at net.jsign.JsignCLI.execute(JsignCLI.java:111)
at net.jsign.JsignCLI.main(JsignCLI.java:40)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_FAILED
at
jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native
Method)
at
jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:635)
... 12 more
Try `java -jar jsign.jar --help' for more information.

The cfg file is:
name=DigiCertONE
library="/home/remm/.digicertone/smpkcs11.so"
slotListIndex=0

The .so is there (otherwise it would complain earlier). Also the smctl tool
shows the key. I tried other algorithms but no success so far.

Rémy


> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [tomcat] branch main updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread Emmanuel Bourg 

Le 2021-06-09 21:09, Rémy Maucherat a écrit :

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 
CKR_FUNCTION_FAILED
at 
jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native 
Method)
at 
jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:635)

... 12 more
Try `java -jar jsign.jar --help' for more information.

The cfg file is:
name=DigiCertONE
library="/home/remm/.digicertone/smpkcs11.so"
slotListIndex=0

The .so is there (otherwise it would complain earlier). Also the smctl 
tool

shows the key. I tried other algorithms but no success so far.



You can try adding -Djava.security.debug=sunpkcs11, it should provide 
more info.


Emmanuel Bourg

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging 10.1.x, 10.0.x, 9.0.x and 8.5.x

2021-06-09 Thread Christopher Schultz 

Mark,

On 6/9/21 13:14, Mark Thomas wrote:

On 09/06/2021 17:58, Christopher Schultz wrote:

Mark,

On 6/4/21 13:09, Mark Thomas wrote:

Hi all,

It looks like the mirrors are going to need a little more time for 
1.2.30 to replicate before I can update the release branches to use 
the new release. I also still have a few odds and ends I want to 
finish off before tagging so it is looking like the tags will happen 
on Monday 7th June.


Chris, how are you getting on with getting set up to release 8.5.x? 
Can I help at all?


Let me see what I can accomplish today.


Great. I've just committed a change that will let you build a release on 
Linux or Windows.


Well, that would have been convenient reading this earlier today :)

The biggest problem for me is getting the fscking Windows environment up 
and running. I don't have a bare-metal Windows machine, so I'm on VMs 
for everything. Today I discovered Chocolatey, and I've documented on 
the Wiki ReleaseProcesss page how you can go from a useless Windows 10 / 
MS Edge evaluation Virtual Machine to something you can actually work 
with in two PowerShell commands. Really only 1 PS command, then running 
the CLI installer for *all* the prerequisites.



The setup steps are rather involved. See:
https://infra.apache.org/digicert-use.html


I'm going to need an updated invitation, unfortunately. I tried to 
complete my account setup and it says the "action has expired." It's 
been nearly a month (sorry), so that's not entirely surprising.


Thanks,
-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging 10.1.x, 10.0.x, 9.0.x and 8.5.x

2021-06-09 Thread Christopher Schultz 

Mark,

On 6/9/21 18:25, Christopher Schultz wrote:

Mark,

On 6/9/21 13:14, Mark Thomas wrote:

On 09/06/2021 17:58, Christopher Schultz wrote:

Mark,

On 6/4/21 13:09, Mark Thomas wrote:

Hi all,

It looks like the mirrors are going to need a little more time for 
1.2.30 to replicate before I can update the release branches to use 
the new release. I also still have a few odds and ends I want to 
finish off before tagging so it is looking like the tags will happen 
on Monday 7th June.


Chris, how are you getting on with getting set up to release 8.5.x? 
Can I help at all?


Let me see what I can accomplish today.


Great. I've just committed a change that will let you build a release 
on Linux or Windows.


Well, that would have been convenient reading this earlier today :)

The biggest problem for me is getting the fscking Windows environment up 
and running. I don't have a bare-metal Windows machine, so I'm on VMs 
for everything. Today I discovered Chocolatey, and I've documented on 
the Wiki ReleaseProcesss page how you can go from a useless Windows 10 / 
MS Edge evaluation Virtual Machine to something you can actually work 
with in two PowerShell commands. Really only 1 PS command, then running 
the CLI installer for *all* the prerequisites.



The setup steps are rather involved. See:
https://infra.apache.org/digicert-use.html


I'm going to need an updated invitation, unfortunately.


Scratch that. I was able to simply say "Forgot password" and now I'm 
good to go.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging 10.1.x, 10.0.x, 9.0.x and 8.5.x

2021-06-09 Thread Mark Thomas 

On 09/06/2021 23:25, Christopher Schultz wrote:

Mark,

On 6/9/21 13:14, Mark Thomas wrote:

On 09/06/2021 17:58, Christopher Schultz wrote:

Mark,

On 6/4/21 13:09, Mark Thomas wrote:

Hi all,

It looks like the mirrors are going to need a little more time for 
1.2.30 to replicate before I can update the release branches to use 
the new release. I also still have a few odds and ends I want to 
finish off before tagging so it is looking like the tags will happen 
on Monday 7th June.


Chris, how are you getting on with getting set up to release 8.5.x? 
Can I help at all?


Let me see what I can accomplish today.


Great. I've just committed a change that will let you build a release 
on Linux or Windows.


Well, that would have been convenient reading this earlier today :)


Except that it doesn't work. The version of JSign we are using requires 
Java 8. I'm planning on looking into possible options this morning.


One option is to roll-back to the previous Windows only way of doing a 
release.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] MCMicS opened a new pull request #422: add opens for Java 16 in service.bat

2021-06-09 Thread GitBox 


MCMicS opened a new pull request #422:
URL: https://github.com/apache/tomcat/pull/422


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65369] New: Windows Service not open modules for JAva 16

2021-06-09 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=65369

Bug ID: 65369
   Summary: Windows Service not open modules for JAva 16
   Product: Tomcat 9
   Version: 9.0.45
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Packaging
  Assignee: dev@tomcat.apache.org
  Reporter: ms...@vjoon.com
  Target Milestone: -

catalina script was changed and has new lines: 

>set "JDK_JAVA_OPTIONS=%JDK_JAVA_OPTIONS% 
>--add-opens=java.base/java.util=ALL-UNNAMED"
>set "JDK_JAVA_OPTIONS=%JDK_JAVA_OPTIONS% 
>--add-opens=java.base/java.util.concurrent=ALL-UNNAMED"

These are missing in service.bat ( --JvmOptions9 )

Pull Request: https://github.com/apache/tomcat/pull/422

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch main updated: Integrate JSign for cross-platform builds with signed Windows binaries

2021-06-09 Thread Rémy Maucherat 
On Thu, Jun 10, 2021 at 12:08 AM Emmanuel Bourg  wrote:

> Le 2021-06-09 21:09, Rémy Maucherat a écrit :
>
> > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
> > CKR_FUNCTION_FAILED
> > at
> >
> jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_SignFinal(Native
> > Method)
> > at
> >
> jdk.crypto.cryptoki/sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:635)
> > ... 12 more
> > Try `java -jar jsign.jar --help' for more information.
> >
> > The cfg file is:
> > name=DigiCertONE
> > library="/home/remm/.digicertone/smpkcs11.so"
> > slotListIndex=0
> >
> > The .so is there (otherwise it would complain earlier). Also the smctl
> > tool
> > shows the key. I tried other algorithms but no success so far.
>
>
> You can try adding -Djava.security.debug=sunpkcs11, it should provide
> more info.
>

https://pastebin.com/nqNUix6j
So I think it shows the security provider [why was this hacked in as a fake
token card ??] works on init, but I didn't get any extra details on the
error.

Now I will try again with a clean environment instead of my bleeding edge
Fedora stuff.

Rémy


>
> Emmanuel Bourg
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[tomcat] branch 8.5.x updated: Downgrade JSign to 2.1 so it can be used with Java 7

2021-06-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new f99f054  Downgrade JSign to 2.1 so it can be used with Java 7
f99f054 is described below

commit f99f05498cedc0d3ceef677ef1f140e388632154
Author: Mark Thomas 
AuthorDate: Thu Jun 10 07:54:10 2021 +0100

Downgrade JSign to 2.1 so it can be used with Java 7
---
 build.properties.default | 9 +
 build.xml| 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index a549ff2..c4a64be 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -294,13 +294,14 @@ findbugs.home=${base.path}/spotbugs-${findbugs.version}
 findbugs.jar=${findbugs.home}/lib/spotbugs-ant.jar
 
findbugs.loc=${base-maven.loc}/com/github/spotbugs/spotbugs/${findbugs.version}/spotbugs-${findbugs.version}.tgz
 
-# - JSign, version 3.1 or later -
-jsign.version=3.1
+# - JSign, version 2.1 -
+# JSign 3.0 onwards required Java 8 so use 2.1
+jsign.version=2.1
 
-# checksums for JSign 3.1
+# checksums for JSign 2.1
 jsign.checksum.enable=true
 jsign.checksum.algorithm=MD5|SHA-1
-jsign.checksum.value=ed924fc86b7abe1dfe22fd8fd7e4c417|5736035f64805b2760a41ebc1ff11523f666f2c7
+jsign.checksum.value=3bfcdc43b6e3d6438af6907b79f2ae3a|473378d211a1ecd28400503f3c2556963da0e626
 
 jsign.home=${base.path}/jsign-${jsign.version}
 jsign.jar=${jsign.home}/jsign-${jsign.version}.jar
diff --git a/build.xml b/build.xml
index 777081a..4bf6e98 100644
--- a/build.xml
+++ b/build.xml
@@ -3363,7 +3363,7 @@ Read the Building page on the Apache Tomcat documentation 
site for details on ho
   
 
 
-
+
   
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org