jeffxuyf / jnaerator

Automatically exported from code.google.com/p/jnaerator
0 stars 0 forks source link

SecurityException trying to run shaded jar #58

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. mvn install 
2. java -jar ~/.m2/repository/com/jnaerator/jnaerator/0.9.4-
SNAPSHOT/jnaerator-0.9.4-SNAPSHOT-shaded.jar
3.

What is the expected output? What do you see instead?

Exception in thread "main" java.lang.SecurityException: Invalid signature 
file digest for Manifest main attributes
        at 
sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.j
ava:239)
        at 
sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:
193)
        at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
        at java.util.jar.JarVerifier.update(JarVerifier.java:205)
...

What version of the product are you using? On what operating system?

Please provide any additional information below.

Looks like it might be related to this problem:

http://jira.codehaus.org/browse/MSHADE-61

The problem seems to be caused by the files OCHAFIK2.DSA and OCHAFIK2.SF in 
the META-INF directory in the generated JAR. If I remove them, it works 
fine.

Original issue reported on code.google.com by fullung@gmail.com on 7 Apr 2010 at 7:07

GoogleCodeExporter commented 8 years ago
Hi fullung,

Thanks for your report :)
I indeed wish I knew how to better use the maven shade plugin... Hopefully a 
well-
located exclusion of the .sf files will help, but in the meanwhile you have two 
workarounds :

- run the .jar with -noverify
- build the whole nativelibs4java tree following these build instructions 
closely : 
http://code.google.com/p/javacl/wiki/Build. 

Your issue comes from the fact that you're building jnaerator without signing, 
but 
doing so you're implicitely downloading dependencies from NL4J's FTP that are 
signed 
(hence a mismatch, as I forgot / failed to exclude the dependencies' signature 
files 
from the shaded Jar ; java then believes the signature is for the whole shaded 
jar, 
while it only covers a small part of it). If you build and install all these 
dependencies in your local Maven repository, everything should be consistent.

Cheers

Original comment by olivier.chafik@gmail.com on 7 Apr 2010 at 9:31

GoogleCodeExporter commented 8 years ago
Hi,
This issue moved to Github :
https://github.com/ochafik/nativelibs4java/issues/140

Thanks for not updating this page anymore and adding further comments on Github.
Cheers
--
zOlive

Original comment by olivier.chafik@gmail.com on 1 Sep 2011 at 7:25