Hide Forgot
project_key: SOA Verifying file: /jbosssoa/eds/modeshape/client/modeshape-client.jar [ERROR] jar is unsigned. (signatures missing or not parsable) https://hudson.qa.jboss.com/hudson/view/SOA-Release/job/soa-signatures/23/bits.type=EMBEDDED,jdk=java16_default,label=RHEL_any/artifact/report.txt
The signing process for modeshape-client.jar fails with: /usr/bin/rpm-sign --jarsign --key="jbosscodesign2009" "./eds/modeshape/client/modeshape-client.jar" Error code: 500 Error message: jarsigner failed jarsigner: unable to sign jar: java.util.zip.ZipException: duplicate entry: META-INF/DEPENDENCIES The duplicate entries in the jar are almost certainly caused because maven's "jar-with-dependencies" plugin is used to build it and multiple (different) versions of some files are being included. Running: unzip -l modeshape-client.jar | awk '{print $NF}' | sort | uniq -c | grep -v "1 " shows: 2 META-INF/DEPENDENCIES 5 META-INF/LICENSE 4 META-INF/NOTICE 3 META-INF/services/javax.ws.rs.ext.Providers and the files are different: 996 08-11-09 20:51 META-INF/DEPENDENCIES 258 06-21-09 13:08 META-INF/DEPENDENCIES 11358 08-11-09 20:51 META-INF/LICENSE 11358 06-21-09 13:08 META-INF/LICENSE 10766 04-20-09 18:50 META-INF/LICENSE 11358 11-19-07 00:16 META-INF/LICENSE 11366 03-30-10 23:14 META-INF/LICENSE 163 08-11-09 20:51 META-INF/NOTICE 161 06-21-09 13:08 META-INF/NOTICE 541 11-19-07 00:16 META-INF/NOTICE 160 03-30-10 23:14 META-INF/NOTICE 966 11-23-09 09:38 META-INF/services/javax.ws.rs.ext.Providers 436 11-23-09 09:39 META-INF/services/javax.ws.rs.ext.Providers 202 11-23-09 09:39 META-INF/services/javax.ws.rs.ext.Providers
Link: Added: This issue is related to SOA-2359
Link: Added: This issue depends JBDS-1312
Please set affects version. Thanks.
Writer: Added: dlesage
Changes have been committed to the 2.2.x modeshape product branch. The changes will rename the duplicate files for NOTICES, LICENSE, and DEPENDENCIES to append the name of the jar it came from (i.e., LICENSE_httpcore.txt). Also, the 3 javax.ws.rs.ext.Providers duplicate properties files will be appended to create a single properties file. If I can get locally soa built modeshape-client.jar (at http://mm18-5.mm.atl2.redhat.com/stlshare/van/modeshape-client.jar) signed to verify it succeeds, it would be appreciated.
Link: Added: This issue depends SOA-2848
Release Notes Docs Status: Added: Not Required
Verified fixed in ER9 build.