Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 365490

Summary: at least 4 bundles (with nested jars) can not be "unpacked" with Java 7
Product: [Technology] CBI Reporter: David Williams <david_williams>
Component: CBI p2 Repository AggregatorAssignee: Project Inbox <b3.aggregator-inbox>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: P3 CC: thomas
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Whiteboard:
Attachments:
Description Flags
summary log where exceptions were thown by aggregator, while verifying pack.gz files none

Description David Williams CLA 2011-12-02 16:21:37 EST 
Created attachment 207870 [details]
summary log where exceptions were thown by aggregator, while verifying pack.gz files

While exploring bug 364928, I've discovered, apparently, there are at least 4 bundles that can not be unpacked correctly. I think it has to do with "nested jars", some how (though, I know there are other nested jars bundles that are ok ... so ... would need to study). 

org.apache.ant,1.8.2.v20110505-1300
org.junit,3.8.2.v3_8_2_v20100427-1100
org.jmock,1.2.0.v201108251452
org.junit,4.8.2.v4_8_2_v20110321-1705

I'll attach whole log. 

"We" might be seeing this now, since we have not previously "packed" Orbit bundles ... but, leave it up to each project that used them. So, either those consuming projects simply don't pack anything ... or, perhaps they have taken measures to avoid packing these specific one in their own build setups.
Comment 1 David Williams CLA 2011-12-02 18:36:53 EST 
Hmm, I checked org.apache.ant, version v20110505-1300, in the cvs repository, and it _does_ have an eclipse.inf file, with 

jarprocessor.exclude.children.sign=true
Comment 2 David Williams CLA 2011-12-02 18:48:28 EST 
I think this might be an aggregator "verify" bug ... like its verifying too much.
Comment 3 David Williams CLA 2011-12-02 18:57:38 EST 
While these bundles are flagged as having "tampered" content ... I think that it should not be checking the nested jars. 

I looked at the apache.ant jar, and pack.gz file in detail. 

As mentioned, it does have jarprocessor.exclude.children.sign=true in its eclipse.inf. 

I could unpack200 the pack.gz version (with not errors) and then ran java's jarsigner -verify and the jar verified ok. It did say Warning: This jar contains unsigned entries which have not been integrity-checked. ... but, no error. 

If I recall, the aggregator uses some OSGi security function to check these jars ... maybe that's where the bug is? But ... thought I'd start with aggregator. 

These jars could be downloaded one by one from 
http://download.eclipse.org/tools/orbit/downloads/drops/S20111201180206/ 

such as from clicking on the table, 
http://www.eclipse.org/downloads/download.php?r=1&file=/tools/orbit/downloads/drops/S20111201180206/repository/plugins/org.apache.ant_1.8.2.v20110505-1300.jar 

and with a little manual intervention
http://www.eclipse.org/downloads/download.php?r=1&file=/tools/orbit/downloads/drops/S20111201180206/repository/plugins/org.apache.ant_1.8.2.v20110505-1300.jar.pack.gz
Comment 4 Thomas Hallgren CLA 2011-12-03 05:02:21 EST 
I've experienced similar problems (nested jars failing) and discovered that this was caused by using Java 7. This is reported in bug 361628. Could this be related to that bug?

Please elaborate how you think the aggregator can be improved to handle this situation. The aggregator uses p2 to unpack and it doesn't have any checking of it's own. The only difference between the aggregator and the IDE installer is that installer silently ignores errors in pack.gz files if it can fall back on the jar.
Comment 5 David Williams CLA 2011-12-03 10:27:11 EST 
I have confirmed, that "moving back" to Java 6 allowed the aggregation to succeed just fine ... so, agree, this is a Java 7 issue and dup of bug 361628. Thanks for the pointer.

*** This bug has been marked as a duplicate of bug 361628 ***
Comment 6 David Williams CLA 2016-09-16 15:58:35 EDT 
[Bookkeeping change only. Moving bugs to the new "home" of aggregator, CBI.
No change to assignee for resolved and verified bugs.]