Description of problem: Several jars in the Maven repo are signed. I am not sure if it is a big problem, but IMO we should sign all the jars or none (e.g. remove the signing from third-party jars). See https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/brms-maven-repo-wolf-validator/lastCompletedBuild/testReport/(root)/JarSignedException/ for an up-to-date list of signed jars.
This should be fixed along with missing/wrong dependencies, because these artifacts were included by mistake because of a bug in our dependency grapher,
Actually this one doesn't seem to be resolved completely by the fixed tool. Removing from 6.0.1 as we are not able to resolve this now.
Following files are signed (6.1.0.ER2):
bcel/bcel/5.2/bcel-5.2.jar
com/ibm/icu/icu4j/3.4.5-redhat-1/icu4j-3.4.5-redhat-1.jar
org/apache/ant/ant-junit/1.8.3-redhat-1/ant-junit-1.8.3-redhat-1-sources.jar
org/apache/ant/ant-junit/1.8.3-redhat-1/ant-junit-1.8.3-redhat-1.jar
org/apache/ant/ant-launcher/1.8.3-redhat-1/ant-launcher-1.8.3-redhat-1-sources.jar
org/apache/ant/ant-launcher/1.8.3-redhat-1/ant-launcher-1.8.3-redhat-1.jar
org/apache/ant/ant/1.8.3-redhat-1/ant-1.8.3-redhat-1-javadocs.jar
org/apache/ant/ant/1.8.3-redhat-1/ant-1.8.3-redhat-1-sources.jar
org/apache/ant/ant/1.8.3-redhat-1/ant-1.8.3-redhat-1.jar
regexp/regexp/1.5/regexp-1.5.jar
I checked these jars. They were signed by the MEAD import process years ago. There was a time when we would sign the jars when we imported jars or built jars in MEAD. But after that we don't sign them any more. So that's why some jars are still signed.
We found that ant* 1.8.3-redhat-1 can be removed since we only need 1.8.2. There are still a few jars, bcel, icu4j, regexp, which contain the JBOSS signature. I think this is a very low priority issue, and re-importing them and changing the GAV would be too much effort for it. Plus this will be fixed naturally along with https://bugzilla.redhat.com/show_bug.cgi?id=1061163, i.e. when we build all artifacts from source. So we prefer WONTFIX for this issue.
@Petr, do you think we could close this issue?
(In reply to Petr Siroky from comment #5)
> Following files are signed (6.1.0.ER2):
>
> bcel/bcel/5.2/bcel-5.2.jar
> com/ibm/icu/icu4j/3.4.5-redhat-1/icu4j-3.4.5-redhat-1.jar
> org/apache/ant/ant-junit/1.8.3-redhat-1/ant-junit-1.8.3-redhat-1-sources.jar
> org/apache/ant/ant-junit/1.8.3-redhat-1/ant-junit-1.8.3-redhat-1.jar
> org/apache/ant/ant-launcher/1.8.3-redhat-1/ant-launcher-1.8.3-redhat-1-
> sources.jar
> org/apache/ant/ant-launcher/1.8.3-redhat-1/ant-launcher-1.8.3-redhat-1.jar
> org/apache/ant/ant/1.8.3-redhat-1/ant-1.8.3-redhat-1-javadocs.jar
> org/apache/ant/ant/1.8.3-redhat-1/ant-1.8.3-redhat-1-sources.jar
> org/apache/ant/ant/1.8.3-redhat-1/ant-1.8.3-redhat-1.jar
> regexp/regexp/1.5/regexp-1.5.jar
Ryan, according to project Wolf requirements (https://mojo.redhat.com/docs/DOC-187749) source jars must be provided for all runtime artifacts included in the repository. Fixing this naturally by https://bugzilla.redhat.com/show_bug.cgi?id=1061163 would definitely be great. However, I would prefer to leave this BZ open as we need to keep track of this issue.
Disregard the previous comment. I was mistakenly referring to -sources jars instead of signed jars. In 6.1.0.ER3 repo, there are only three signed jars:
File bcel/bcel/5.2/bcel-5.2.jar is signed
File com/ibm/icu/icu4j/3.4.5-redhat-1/icu4j-3.4.5-redhat-1.jar is signed
File regexp/regexp/1.5/regexp-1.5.jar is signed
Fixing this naturally by https://bugzilla.redhat.com/show_bug.cgi?id=1061163 would definitely be great. However, I would prefer to leave this BZ open as we need to keep track of this particular issue.
Last 2 artifacts were removed so the ER5 repo should be clean.
Verified that the above-mentioned artifacts are not present in BxMS 6.2.0 CR1 Maven repository. However, two of them have been moved to Integration Pack Maven repository; I have filed a separate issue [1] to keep track of it. According to Wolf validator, there should be no signed artifacts in BxMS 6.2.0 CR1 Maven repository.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1286174
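A check of the kind this thread relies on, as an added example that is not the Wolf validator's code and was not posted by any participant: it walks a Maven repository directory and reports every jar that carries signature entries under META-INF/. The sample jar contents, the `SAMPLE.*` entry names and the `org/example` path are constructed for the demonstration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Signature file (.SF) and signature block (.RSA/.DSA/.EC) sit directly in META-INF/.
SIG_ENTRY = re.compile(r"^META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.IGNORECASE)


def signature_entries(jar_path):
    """Return the signature entries of one jar; an empty list means unsigned."""
    with zipfile.ZipFile(jar_path) as jar:
        return sorted(name for name in jar.namelist() if SIG_ENTRY.match(name))


def find_signed_jars(repo_root):
    """Map repo-relative path -> signature entries for every signed jar."""
    root = Path(repo_root)
    signed = {}
    for jar_path in sorted(root.rglob("*.jar")):
        try:
            entries = signature_entries(jar_path)
        except zipfile.BadZipFile:
            entries = ["<unreadable archive>"]  # report it rather than skip silently
        if entries:
            signed[jar_path.relative_to(root).as_posix()] = entries
    return signed


def demo():
    """Build a constructed two-jar repository and scan it."""
    # Constructed sample data: entry names and contents are placeholders.
    sample = {
        "bcel/bcel/5.2/bcel-5.2.jar": ["META-INF/MANIFEST.MF", "META-INF/SAMPLE.SF",
                                       "META-INF/SAMPLE.RSA", "A.class"],
        # The nested .SF name is a decoy: only entries directly in META-INF/ count.
        "org/example/demo/1.0/demo-1.0.jar": ["META-INF/MANIFEST.MF",
                                              "META-INF/maven/notes.SF", "B.class"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel_path, names in sample.items():
            target = Path(tmp, rel_path)
            target.parent.mkdir(parents=True)
            with zipfile.ZipFile(target, "w") as jar:
                for name in names:
                    jar.writestr(name, b"constructed")
        return find_signed_jars(tmp)


if __name__ == "__main__":
    for path, entries in demo().items():
        print(f"File {path} is signed: {', '.join(entries)}")
```

This detects the presence of signature entries only; `jarsigner -verify` is the tool that checks whether a signature is actually valid.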