Red Hat Bugzilla – Bug 794503
Ensure all JON jar files are *NOT* signed and that there are no unintended consequences of that
Last modified: 2015-02-01 18:27:43 EST
In jon3.0.0 and 3.0.1 we had to not sign a jar (rhq-script-bindings-*.jar e.g. rhq-script-bindings-4.2.0.JON.3.0.1.GA.jar) due to the problems it was causing in the CLI. These problems are described in BZ-759173
This BZ is for the task of getting to the bottom of the actual cause of 759173, fixing it and re-enabling signing on the rhq-script-bindings-*.jar.
note to charles - if you prefix a bz number with "bug #" - bugzilla will display that as a link from right here in the comments view :)
see bug #759173
I wonder if bug #759615 could also be related to this
(In reply to comment #2)
> I wonder if bug #759615 could also be related to this
I would bet it is. I actually forgot about that utility I wrote. I'll rescan the libs. I was just working on this today and can confirm if we sign all the jars in the CLI lib/ the error still happens.
to replicate the problem:
1. Start the CLI and connect to RHQ server (rhq-cli.sh -u rhqadmin -p rhqadmin)
2. Locate an web-app for a Tomcat Server (in this example 10218)
2. Run the following commands:
a. webapp = ProxyFactory.getResource(10218)
It doesn't matter what path you put in for b. - if you see something to the effect of:
TypeError: Cannot find function retrieveBackingContent
the problem exists.
To test, you need to sign the jars (note, step 3 just confirms the keystore is OK):
1. keytool -genkey -keystore /tmp/myKeystore -alias myself
2. keytool -selfcert -alias myself -keystore /tmp/myKeystore
3. keytool -list -keystore /tmp/myKeystore
4. jarsigner -keystore /tmp/myKeystore <a jar file in /lib> myself
Repeat step 4 for all the jars in the CLI lib/ and run the replication steps and the problem will happen.
I ended up refactoring the org.rhq.core.server package name to
https://bugzilla.redhat.com/show_bug.cgi?id=759615#c1 is the cause.
But the problem is still showing up. I thought this was the magic bullet, but I
(5:32:07 PM) ccrouch: mazz: so are you still seeing https://bugzilla.redhat.com/show_bug.cgi?id=759173#c9
(5:32:55 PM) ccrouch: that seems to describe the problem pretty succinctly
(5:32:59 PM) ccrouch: javassist.CannotCompileException: by java.lang.SecurityException: class "org.rhq.bindings.client.ResourceClientProxy5bc8d4d1a9859af5aab6a918a6d1029f0a8754cc60136a74fe735ef34d2ff4f1"'s
(5:35:15 PM) ccrouch: somewhere in the CLI we're using javassist to create classes, presumably extending ResourceClientProxy?, and the classes are being put in the wrong package
(5:36:16 PM) ccrouch: i.e. an existing package which has got signed stuff in it already
(5:36:16 PM) ccrouch: the classes just need to go into a different package
(5:44:51 PM) ccrouch: http://git.fedorahosted.org/git?p=rhq/rhq.git;a=blob;f=modules/enterprise/binding/src/main/java/org/rhq/bindings/client/ResourceClientFactory.java#l149
(5:46:39 PM) ccrouch: we shouldn't be using class.getName(), rather "org.rhq.our.new.random.package" + class.getSimpleName()
OK, yes, this CLI log clearly states the issue:
2012-03-30 09:45:03,610 ERROR [RHQ Client Prompt Input Thread] (org.rhq.bindings.client.ResourceClientFactory)- Could not create custom interface for resource with id 10218
javassist.CannotCompileException: by java.lang.SecurityException: class "org.rhq.bindings.client.ResourceClientProxye56bc7edadf38ce9e6deadd7f7b3e77a98baef002ed39ce37a04eb3b457d4c28"'s signer information does not match signer information of other classes in the same package
Caused by: java.lang.SecurityException: class "org.rhq.bindings.client.ResourceClientProxye56bc7edadf38ce9e6deadd7f7b3e77a98baef002ed39ce37a04eb3b457d4c28"'s signer information does not match signer information of other classes in the same package
master commit: 3266294b4768113f529df1d77b03e056579389e5
see comment #4 for replication procedures.
Pushing this to ONQA, any recent JON ER build should not be signed and would be
suitable for testing this
Verified on 3.1.0.GA for eap5 and eap6. It was working for both signed and unsigned jars. Found bug #830841 during verification.
Bulk closing of old issues in VERIFIED state.