Maven 2.x Shade Plugin

Custom manifes entries produce a SecurityException

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Not A Bug
  • Affects Version/s: 1.2.1
  • Fix Version/s: None
  • Labels:
    None
  • Environment:
    mac osx, maven 2.2,java version "1.6.0_13"
    Java(TM) SE Runtime Environment (build 1.6.0_13-b03-211)
    Java HotSpot(TM) 64-Bit Server VM (build 11.3-b02-83, mixed mode)
     
  • Number of attachments :
    0

Description

Given the following configuration:

<profile>
<id>pack2</id>
<build>
<defaultGoal>package</defaultGoal>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<shadedArtifactAttached>true</shadedArtifactAttached>
<shadedClassifierName>jackofall</shadedClassifierName> <!-- Any name that makes sense -->
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<manifestEntries>
<Main-Class>org.ow2.frascati.factory.ManifestLauncher</Main-Class>
<mainComposite>pomodoro</mainComposite>
</manifestEntries>
</transformer>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>

Once the jar is executed, I get this stacktrace:

Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:221)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:176)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:277)
at java.util.jar.JarVerifier.update(JarVerifier.java:188)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:321)
at java.util.jar.JarFile.getInputStream(JarFile.java:386)
at sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:689)
at sun.misc.Resource.cachedInputStream(Resource.java:59)
at sun.misc.Resource.getByteBuffer(Resource.java:154)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:249)
at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:319)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:330)
at java.lang.ClassLoader.loadClass(ClassLoader.java:254)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:402)

Maybe this is due to the fact that the custom manifest entry (mainComposite) is written in the middle of the manifest's main entries:

Manifest-Version: 1.0
Build-Jdk: 1.6.0_13
Built-By: veleno
mainComposite: pomodoro <<<<<<
Created-By: Apache Maven
Main-Class: org.ow2.frascati.factory.ManifestLauncher
Archiver-Version: Plexus Archiver

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Valerio Schiavoni added a comment -

The issue doesn't seem to originate form the order of the attributes in the manifest. Instead, one of the shaded dependecies's jar was signed. In particular, the file ECLIPSE.RSA is stored in the META-INF/ directory of the shaded jar.

Show
Valerio Schiavoni added a comment - The issue doesn't seem to originate form the order of the attributes in the manifest. Instead, one of the shaded dependecies's jar was signed. In particular, the file ECLIPSE.RSA is stored in the META-INF/ directory of the shaded jar.
Hide
Permalink
Valerio Schiavoni added a comment -

THe issue can be solved by adding this exclusions (adapt it to your project):

<filters>
<filter>
<artifact>org.eclipse:osgi</artifact>
<excludes>
<exclude>META-INF/ECLIPSE.SF</exclude>
<exclude>META-INF/ECLIPSE.RSA</exclude>
<exclude>META-INF/ECLIPSE.INF</exclude>
</excludes>
</filter>
<filter>
<artifact>
org.eclipse.jdt:core</artifact>
<excludes>
<exclude>META-INF/ECLIPSE.SF</exclude>
<exclude>META-INF/ECLIPSE.RSA</exclude>
<exclude>META-INF/ECLIPSE.INF</exclude>
</excludes>
</filter>

<filter>
<artifact>org.eclipse.emf:ecore</artifact>
<excludes>
<exclude>META-INF/ECLIPSE.SF</exclude>
<exclude>META-INF/ECLIPSE.RSA</exclude>
<exclude>META-INF/ECLIPSE.INF</exclude>
</excludes>
</filter>
<filter>
<artifact>org.eclipse.emf:ecore-xmi</artifact>
<excludes>
<exclude>META-INF/ECLIPSE.SF</exclude>
<exclude>META-INF/ECLIPSE.RSA</exclude>
<exclude>META-INF/ECLIPSE.INF</exclude>
</excludes>
</filter>
<filter>
<artifact>org.eclipse.emf:common</artifact>
<excludes>
<exclude>META-INF/ECLIPSE.SF</exclude>
<exclude>META-INF/ECLIPSE.RSA</exclude>
<exclude>META-INF/ECLIPSE.INF</exclude>
</excludes>
</filter>
<filter>
<artifact>org.eclipse.equinox:common</artifact>
<excludes>
<exclude>META-INF/ECLIPSE.SF</exclude>
<exclude>META-INF/ECLIPSE.RSA</exclude>
<exclude>META-INF/ECLIPSE.INF</exclude>
</excludes>
</filter>
</filters>

Show
Valerio Schiavoni added a comment - THe issue can be solved by adding this exclusions (adapt it to your project): <filters> <filter> <artifact>org.eclipse:osgi</artifact> <excludes> <exclude>META-INF/ECLIPSE.SF</exclude> <exclude>META-INF/ECLIPSE.RSA</exclude> <exclude>META-INF/ECLIPSE.INF</exclude> </excludes> </filter> <filter> <artifact> org.eclipse.jdt:core</artifact> <excludes> <exclude>META-INF/ECLIPSE.SF</exclude> <exclude>META-INF/ECLIPSE.RSA</exclude> <exclude>META-INF/ECLIPSE.INF</exclude> </excludes> </filter> <filter> <artifact>org.eclipse.emf:ecore</artifact> <excludes> <exclude>META-INF/ECLIPSE.SF</exclude> <exclude>META-INF/ECLIPSE.RSA</exclude> <exclude>META-INF/ECLIPSE.INF</exclude> </excludes> </filter> <filter> <artifact>org.eclipse.emf:ecore-xmi</artifact> <excludes> <exclude>META-INF/ECLIPSE.SF</exclude> <exclude>META-INF/ECLIPSE.RSA</exclude> <exclude>META-INF/ECLIPSE.INF</exclude> </excludes> </filter> <filter> <artifact>org.eclipse.emf:common</artifact> <excludes> <exclude>META-INF/ECLIPSE.SF</exclude> <exclude>META-INF/ECLIPSE.RSA</exclude> <exclude>META-INF/ECLIPSE.INF</exclude> </excludes> </filter> <filter> <artifact>org.eclipse.equinox:common</artifact> <excludes> <exclude>META-INF/ECLIPSE.SF</exclude> <exclude>META-INF/ECLIPSE.RSA</exclude> <exclude>META-INF/ECLIPSE.INF</exclude> </excludes> </filter> </filters>

People

  • Assignee:
    Unassigned
    Reporter:
    Valerio Schiavoni
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: