eclipse-jarsigner-plugin causing problems with shaded jar #168
Comments
|
There is no sensitive information in the jar. Perhaps the shading process disturbs the content such that there's a signature error? Does this error occur for a particular file? |
|
It occurs when executing the jar. Shading does break any signatures. It kinda unpacks and repacks the jars. |
|
Here is a repo I created to show the issues down the line: https://github.com/hmottestad/signature-problem run.sh builds and runs everything (use java 8) The Pom.xml file contains some comments for a workaround. |
|
Your JTS projected uses pgp signing instead. This signing doesn’t sign the jar as forcefully. Could you switch to that way of signing for this project too? |
|
And merry Christmas :) |
|
I§ve made a PR: #169 |
dsmiley
pushed a commit
that referenced
this issue
Dec 26, 2018
… that users that build/package this project can use fat jars without having to strip out signatures Signed-off-by: Håvard Ottestad <hmottestad@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I'm using RDF4J which uses your library deeper within. When I wrap everything in a shaded jar in the end I get a signature error.
I think it is because your jar is being signed with the eclipse jar signer plugin.
So far I know that bouncy castle signs their jars to make sure that the crypto content isn't modified.
Is there any such sensitive information in your jar files (eg. crypto implementations)?
Cheers,
Håvard
The text was updated successfully, but these errors were encountered: