Community
Participate
Working Groups
+++ This bug was initially created as a clone of Bug #364754 +++ Read original bug for history, but I'm opening this "clone" since 3 of the cases are different than the rest, and likely indicate a problem of a different nature. The three cases are com.google.gwt.servlet_2.1.0.v20101206-1430.jar.pack.gz com.google.gwt.user_2.0.4.v20100709-0658.jar.pack.gz org.apache.jasper.glassfish_2.2.2.v201111151223.jar.pack.gz When these are unpacked backed to jars, they give "security exceptions" as though they'd been tampered with a message for one class, each. ... java.lang.SecurityException: SHA1 digest error for...
Adding Gunnar and Hugues as maintainer of these this set of bundles ... any ideas? Could they be cases that just shouldn't be packed (like bug 364746)?
It sounds like the GWT bundles shouldn't been packed. But I'm not 100% sure about that.
FYI, the first two (the google ones) are also a problem in maintenance stream (for Indigo SR2) ... seems we'd want to fix them for that? The third, glassfish doesn't show up as a problem so I'd guess it is new in Juno.
The latest I build still had this problem ... I suggest we fix these by putting eclipse.inf file in META-INF directory, with jarprocessor.exclude.pack=true We could, in theory, use p2.remove.ui to remove the 3 problematic pack.gz files, but, my thinking is that if the "pack/unpack/signing" does not work right, that it is due to the very first "conditioning pack" not working right. That it, the classes flagged with problems, may have some corruption even the the conditioned jar. Plus, having the eclipse.inf file will prevent anyone else from "accidentally" packing it ... well ... if they use Eclipse jarprocessor type tools, anyway. If anyone wants to download jars or pack.gz files and investigate closer, be my guest ... otherwise, let's go the eclipse.inf route. = = = = = Here are results of running jarsigner -verify after running unpack200 com.google.gwt.user_2.0.4.v20100709-0658.jar.pack.gz: jarsigner: java.lang.SecurityException: SHA1 digest error for com/google/gwt/user/client/ui/FocusPanel.class exitcode: 1: com.google.gwt.user_2.0.4.v20100709-0658.jar.pack.gz org.apache.jasper.glassfish_2.2.2.v201111151223.jar.pack.gz: jarsigner: java.lang.SecurityException: SHA1 digest error for org/apache/jasper/compiler/Compiler.class exitcode: 1: org.apache.jasper.glassfish_2.2.2.v201111151223.jar.pack.gz com.google.gwt.servlet_2.1.0.v20101206-1430.jar.pack.gz: jarsigner: java.lang.SecurityException: SHA1 digest error for com/google/gwt/editor/ui/client/adapters/HasTextEditor.class exitcode: 1: com.google.gwt.servlet_2.1.0.v20101206-1430.jar.pack.gz
I'm anxious to get this in for M4 ... so I'll plan on adding the three eclipse.inf files .... unless I hear a _quick_ objection. (Of course, you can always object later and revert the change :)
I've made the changes and submitted for build and will verify later. FYI, for these three projects, I tagged with v201111291940 I commented earlier that two of the bundles were also a problem with maintenance stream. Its a little unclear if we should fix there. I'm leaning towards "not", since our policy is to normally only fix bad bugs that people have complained about ... but I could be convinced otherwise. If we do want to fix in Indigo_maintenance, we could use the exact same tags in the bundles.map file for those two cases.
fixed with http://download.eclipse.org/tools/orbit/downloads/drops/I20111129194920/repository/ Of course, you might test the "real" jars to make sure the look ok ... but, they are no longer packed, so no longer unpacked errors.
Thanks very much David, my sincere apologies for not acting on this bug faster.
*** Bug 370002 has been marked as a duplicate of this bug. ***
