New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
eclipse-jarsigner-plugin causing problems with shaded jar #168
Comments
There is no sensitive information in the jar. Perhaps the shading process disturbs the content such that there's a signature error? Does this error occur for a particular file? |
It occurs when executing the jar. Shading does break any signatures. It kinda unpacks and repacks the jars. |
Here is a repo I created to show the issues down the line: https://github.com/hmottestad/signature-problem run.sh builds and runs everything (use java 8) The Pom.xml file contains some comments for a workaround. |
Your JTS projected uses pgp signing instead. This signing doesn’t sign the jar as forcefully. Could you switch to that way of signing for this project too? |
And merry Christmas :) |
I§ve made a PR: #169 |
… that users that build/package this project can use fat jars without having to strip out signatures Signed-off-by: Håvard Ottestad <hmottestad@gmail.com>
Hi,
I'm using RDF4J which uses your library deeper within. When I wrap everything in a shaded jar in the end I get a signature error.
I think it is because your jar is being signed with the eclipse jar signer plugin.
So far I know that bouncy castle signs their jars to make sure that the crypto content isn't modified.
Is there any such sensitive information in your jar files (eg. crypto implementations)?
Cheers,
Håvard
The text was updated successfully, but these errors were encountered: