Created attachment 207870
summary log where exceptions were thrown by aggregator, while verifying pack.gz files

While exploring bug 364928, I've discovered, apparently, there are at least 4 bundles that cannot be unpacked correctly. I think it has to do with "nested jars", somehow (though, I know there are other nested jars bundles that are ok ... so ... would need to study).

org.apache.ant,1.8.2.v20110505-1300
org.junit,3.8.2.v3_8_2_v20100427-1100
org.jmock,1.2.0.v201108251452
org.junit,4.8.2.v4_8_2_v20110321-1705

I'll attach whole log.

"We" might be seeing this now, since we have not previously "packed" Orbit bundles ... but, leave it up to each project that used them. So, either those consuming projects simply don't pack anything ... or, perhaps they have taken measures to avoid packing these specific ones in their own build setups.
Hmm, I checked org.apache.ant, version v20110505-1300, in the cvs repository, and it _does_ have an eclipse.inf file, with jarprocessor.exclude.children.sign=true
I think this might be an aggregator "verify" bug ... like it's verifying too much.
While these bundles are flagged as having "tampered" content ... I think that it should not be checking the nested jars.

I looked at the apache.ant jar, and pack.gz file in detail. As mentioned, it does have jarprocessor.exclude.children.sign=true in its eclipse.inf. I could unpack200 the pack.gz version (with no errors) and then ran java's jarsigner -verify and the jar verified ok. It did say

Warning: This jar contains unsigned entries which have not been integrity-checked.

... but, no error.

If I recall, the aggregator uses some OSGi security function to check these jars ... maybe that's where the bug is? But ... thought I'd start with aggregator.

These jars could be downloaded one by one from
http://download.eclipse.org/tools/orbit/downloads/drops/S20111201180206/
such as from clicking on the table,
http://www.eclipse.org/downloads/download.php?r=1&file=/tools/orbit/downloads/drops/S20111201180206/repository/plugins/org.apache.ant_1.8.2.v20110505-1300.jar
and with a little manual intervention
http://www.eclipse.org/downloads/download.php?r=1&file=/tools/orbit/downloads/drops/S20111201180206/repository/plugins/org.apache.ant_1.8.2.v20110505-1300.jar.pack.gz
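An added triage example, not part of the original thread or of the aggregator's code: it reads a bundle's eclipse.inf and reports, for each nested jar, whether a missing signature is expected because jarprocessor.exclude.children.sign=true is set. It assumes eclipse.inf lives at META-INF/eclipse.inf and treats the presence of a META-INF/*.SF file as "signed" (presence only, no cryptographic verification); the function names and the sample jar are constructed for illustration.

```python
import io
import zipfile

def build_jar(entries):
    """Build an in-memory jar from {entry name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def read_eclipse_inf(zf):
    """Return META-INF/eclipse.inf as a dict, or {} when the file is absent."""
    if "META-INF/eclipse.inf" not in zf.namelist():
        return {}
    props = {}
    for line in zf.read("META-INF/eclipse.inf").decode("utf-8").splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def has_signature_file(zf):
    """True when the archive carries a signature file (META-INF/*.SF)."""
    return any(n.upper().startswith("META-INF/") and n.upper().endswith(".SF")
               for n in zf.namelist())

def triage(jar_bytes):
    """Classify every nested jar as signed, unsigned-expected or unsigned-unexpected."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as outer:
        props = read_eclipse_inf(outer)
        excluded = props.get("jarprocessor.exclude.children.sign", "").lower() == "true"
        nested = {}
        for name in outer.namelist():
            if name.lower().endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(outer.read(name))) as inner:
                    signed = has_signature_file(inner)
                nested[name] = ("signed" if signed else
                                "unsigned-expected" if excluded else "unsigned-unexpected")
        return {"outer_signed": has_signature_file(outer),
                "children_excluded": excluded, "nested": nested}

# Constructed sample: a signed outer bundle with one unsigned nested jar.
NESTED = build_jar({"org/example/A.class": b"\xca\xfe\xba\xbe"})
SAMPLE = build_jar({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                    "META-INF/ECLIPSE_.SF": b"Signature-Version: 1.0\n",  # placeholder
                    "META-INF/eclipse.inf": b"jarprocessor.exclude.children.sign=true\n",
                    "lib/nested.jar": NESTED})
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A nested jar reported as unsigned-unexpected is the case worth a closer look with jarsigner -verify.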
I've experienced similar problems (nested jars failing) and discovered that this was caused by using Java 7. This is reported in bug 361628. Could this be related to that bug?

Please elaborate how you think the aggregator can be improved to handle this situation. The aggregator uses p2 to unpack and it doesn't have any checking of its own. The only difference between the aggregator and the IDE installer is that the installer silently ignores errors in pack.gz files if it can fall back on the jar.
I have confirmed, that "moving back" to Java 6 allowed the aggregation to succeed just fine ... so, agree, this is a Java 7 issue and dup of bug 361628. Thanks for the pointer.

*** This bug has been marked as a duplicate of bug 361628 ***
[Bookkeeping change only. Moving bugs to the new "home" of aggregator, CBI. No change to assignee for resolved and verified bugs.]