要运行maven-shade-plugin,由于签名依赖,我必须使用描述here的方法,如下所示:
<plugin>
<artifactId>maven-shade-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals><goal>shade</goal></goals>
<configuration>
<filters>
<filter>
<!-- filter out signature files from signed dependencies, else repackaging fails with security ex -->
<artifact>*:*</artifact>
<excludes>
<exclude>META-INF/*.SF</exclude>
<exclude>META-INF/*.DSA</exclude>
<exclude>META-INF/*.RSA</exclude>
</excludes>
</filter>
</filters>
</configuration>
</execution>
</executions>
</plugin>
问题:如何告诉哪个 JAR导致插件失败?它似乎不是最近提到的那个。
调试输出的尾部:
[DEBUG] We have a duplicate org/jdom2/xpath/util/AbstractXPathCompiled.class in C:\Users\me\aaaa-1.11.0-SNAPSHOT.jar
[DEBUG] We have a duplicate org/jdom2/xpath/util/XPathDiagnosticImpl.class in C:\Users\me\aaaa-1.11.0-SNAPSHOT.jar
[DEBUG] Processing JAR C:\Users\me\bbbb-1.11.0-SNAPSHOT.jar
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Retrievers JAR ................................ FAILURE [ 9.581 s]
[INFO] Retrievers .................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10.208 s
[INFO] Finished at: 2015-05-12T14:20:54-05:00
[INFO] Final Memory: 100M/726M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:2.3:shade (default) on project aaa-retrievers-jar: Error creating shaded jar: Invalid signature file digest for Manifest main attributes -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-shade-plugin:2.3:shade (default) on project aaa-retrievers-jar: Error creating shaded jar: Invalid signature file digest for Manifest main attributes
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:216)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:108)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:76)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:116)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:361)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:155)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:584)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:213)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:157)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Error creating shaded jar: Invalid signature file digest for Manifest main attributes
at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:566)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:133)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:208)
... 19 more
Caused by: java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:284)
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:238)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:316)
at java.util.jar.JarVerifier.update(JarVerifier.java:228)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:383)
at java.util.jar.JarFile.getInputStream(JarFile.java:450)
at org.apache.maven.plugins.shade.DefaultShader.shade(DefaultShader.java:147)
at org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:471)
... 21 more
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
答案 0 :(得分:6)
shade插件正在解压缩所有包含的依赖项并将其内容填充到一个jar文件中。就像你自己写完所有内容一样。
配置告诉shade插件不要移动任何以.SF,.DSA或.RSA结尾的文件,如果它们包含在名为META-INF的目录中。
所以你需要做的就是找出哪个jar有这些文件。
我要做的第一件事是注释掉过滤器部分并重新构建。然后grep你的阴影jar为那些扩展。它可能会为您提供包装的线索。
jar命令的-t选项将列出存档中的所有文件而不提取它们。一般来说,jar语法与tar非常相似。
jar -tvf target/myapp-1.0.3-SNAPSHOT.jar | grep -i dsa
META-INF/BCKEY.DSA
就我而言,这很明显。我最近添加了Bouncy Castle作为依赖。 BCKEY.DSA似乎可能是Bouncy Castle Key。
确认我刚刚在充气城堡罐子上执行了同样的操作。因为我用maven构建了这个,所以jar在我的本地存储库中:
tar -tvf .m2/repository/org/bouncycastle/bcprov-jdk15on/1.48/bcprov-jdk15on-1.48.jar | grep -i dsa
-rwxrwxrwx 0 0 0 0 Feb 9 2013 META-INF/BCKEY.DSA
答案 1 :(得分:0)
要获取使用Maven和bash + awk + sed的已签名JAR列表,可以尝试执行以下操作:
#!/bin/bash
mvn_classpath=`mvn dependency:build-classpath -B | awk '/Dependencies classpath:/{getline; print}' | sed -e s/:/\\\\n/g`
for jar in $mvn_classpath; do
echo -n `jarsigner -verify $jar | grep verified | wc -l`; echo " $jar";
done
这将列出您的项目使用的JAR文件-已签名和验证的文件前面带有1,未签名的前面是0。我没有无法验证的已签名JAR,因此我不确定在这种情况下,逻辑应该看起来。