[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [cross-project-issues-dev] A funny thing happened on the way to Mars.2 -- in Orbit
|
Hi,
David M Williams wrote:
> But since there is a "bad" one out there (in Orbit, at least) with the
> same version, I was suggesting to verify if it was in your project
> repositories to make sure you had the good one.
>
> If it is the good one, you get "jar verified" as above.
>
> If it is "the bad one" it will be pretty obvious:
>
> $ jarsigner -verify
> org.apache.httpcomponents.httpclient_4.3.6.v201411290715.jar
> jarsigner: java.lang.SecurityException: SHA1 digest error for
> org/apache/http/client/cache/HttpCacheEntry.class
FWIW, I just found out that only the plain JAR in Orbit is "bad"; the
JAR.pack.gz is not, i.e., it unpack200s to a JAR that verifies just fine
[1]. If your build prefers pack200ed JARs over plain JARs, you should
get a "good" JAR from Orbit, but of course it's better to double-check
what you are distributing exactly.
Best wishes,
Andreas
[1] <https://bugs.eclipse.org/bugs/show_bug.cgi?id=487833#c12>
--
Codetrails GmbH
The knowledge transfer company
Robert-Bosch-Str. 7, 64293 Darmstadt
Phone: +49-6151-276-7092
Mobile: +49-170-811-3791
http://www.codetrails.com/
Managing Director: Dr. Marcel Bruch
Handelsregister: Darmstadt HRB 91940
