You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 7, 2024. It is now read-only.
As described in this blog post, if you try to include a jarsigner-signed dependency, you get a nasty "Invalid signature file digest for Manifest main attributes" stacktrace.
The blog above suggests adding the following snippet to the shade plugin <configuration> section.
I'm new to Maven and Shade, so I'm not sure what the security implications of doing this are, but I thought I should suggest it. Thanks for writing the guide; i found it very useful.
The text was updated successfully, but these errors were encountered:
Thanks @stash , but I think these adjustments to the maven-shade-plugin would go too far out of the way of the focus of this guide. This guide is meant to get the reader going on some basic maven stuff. We simply added the maven-shade-plugin as the means to make the code runnable without complex classpath steps on the command line. For anyone working on a production solution, they should certainly evaluate more complex settings when dealing with things like signed jars, etc.
Does that configuration work for you? I doesn't work for me. The generated jar file still contains signature files and when I try to run jarsigner -verify jarfileName it will print out the error message "java.lang.SecurityException: Invalid signature file digest for Manifest main attributes".
As described in this blog post, if you try to include a
jarsigner
-signed dependency, you get a nasty "Invalid signature file digest for Manifest main attributes" stacktrace.The blog above suggests adding the following snippet to the shade plugin
<configuration>
section.I'm new to Maven and Shade, so I'm not sure what the security implications of doing this are, but I thought I should suggest it. Thanks for writing the guide; i found it very useful.
The text was updated successfully, but these errors were encountered: