Signed jar verification fails when nested in an uber war running on an Oracle JVM #47284
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
DKARAGODIN
force-pushed
the
gh-28837
branch
from
d8bacf7 to
f398a1b
Compare
wilkinsona
changed the title
wilkinsona
added
type: bug
|
Thanks for the PR. Could you please add some tests on the Gradle side, similar to those that were added in 33c5e12. It may be possible to move |
wilkinsona
added
the
status: waiting-for-feedback
DKARAGODIN
force-pushed
the
gh-28837
branch
from
f398a1b to
5dff5c2
Compare
Done. Also deleted field |
spring-projects-issues
added
status: feedback-provided
| } | ||
|
|
||
| protected void signed(String bundling) throws IOException { | ||
| assertThat(this.gradleBuild.build(bundling).task(":" + bundling).getOutcome()).isEqualTo(TaskOutcome.SUCCESS); |
There was a problem hiding this comment.
You can use this.taskName here instead of bundling and further simplify the sub-classes.
There was a problem hiding this comment.
Done.
Deleted tests in sub-classes.
DKARAGODIN
force-pushed
the
gh-28837
branch
2 times, most recently
from
40533cb to
c21d083
Compare
|
Fixed merge conflicts introduced by bc46bb2. |
This commit extends 33c5e12 to uber War. Fixes spring-projectsgh-28837 Signed-off-by: Dmitrii Karagodin <[email protected]>
|
Fixed merge conflicts introduced by 44099d3. |
|
Do I need to do something for this PR to be merged and included in 3.5.7? |
|
No, there's nothing you need to do. We're focusing pretty heavily on 4.0.0-RC1 at the moment so this change may not make it into this month's maintenance releases. Thanks for your patience in the meantime. |
There is an issue with spring boot app as fat Jar that runs on Oracle JVM and uses third-party crypto libraries.
#28837
The hacked solution committed 33c5e12 is relevant to this day because
ZipFile.getManifestName(onlyIfSignatureRelatedFiles)stays private. But this hacked solution only works for uber Jar.In this PR I extend this hack to uber War.