| Re: [jgit-dev] Hamcrest Matcher libraries are not aligned? |
On Thu, May 24, 2018 at 1:13 PM David Pursehouse <david.pursehouse@xxxxxxxxx> wrote:On Thu, May 24, 2018 at 11:09 AM Masaya Suzuki <draftcode@xxxxxxxxx> wrote:Hi,I find that when I run org.eclipse.jgit.transport.UploadPackTest in Eclipse, it throws an exception: java.lang.SecurityException: class "org.hamcrest.Matchers"'s signer information does not match signer information of other classes in the same packageI'm using the target platform "jgit-4.8", and it seems it uses org.hamcrest.core 1.3.0.v20180227-1814 and org.hamcrest.library 1.3. 0.v201505072020 from http://download.eclipse. org/tools/orbit/downloads/ . The downloaded jars are signed, but it looks like the certs used to sign are different. According to jarsigner, org.hamcrest.coredrops/S20180302171354/ repository 1.3.0.v20180227-1814 is signed with - Signed by "CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Nepean, ST=Ontario, C=CA"Digest algorithm: SHA-256Signature algorithm: SHA256withRSA, 2048-bit keyTimestamped by "CN=Symantec SHA256 TimeStamping Signer - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on Fri Mar 02 17:07:56 UTC 2018Timestamp digest algorithm: SHA-256Timestamp signature algorithm: SHA256withRSA, 2048-bit keywhile org.hamcrest.library 1.3.0.v201505072020 is signed with - Signed by "CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA"Digest algorithm: SHA-256Signature algorithm: SHA256withRSA, 2048-bit keyTimestamped by "CN=GeoTrust Timestamping Signer 1, O=GeoTrust Inc, C=US" on Tue May 12 22:11:46 UTC 2015Timestamp digest algorithm: SHA-1Timestamp signature algorithm: SHA1withRSA, 1024-bit keyI think this was introduced by https://eclipse.googlesource.com/jgit/jgit/+/ , but it's almost three months ago. Maybe my set-up is wrong, but does anybody see the same problem?9b414ffd3c4304fb45c5af8cf56f99 0b438c4ca8 I also get the same SecurityException in Eclipse, but it's not limited to UploadPackTest. The following tests also fail with the same cause:- DfsBlockCacheConfigTest- PackInserterTest- GcPackRefsTestThe following tests also fail, but due to assertion failures unrelated to hamcrest:- EGitPatchHistoryTest- CGitVsJGitRandomIgnorePatternTest All the tests pass with mvn and bazel on the command line. I guess the reason these failures in Eclipse have been overlooked is that nobody runs the entire suite in Eclipse.