Re: [orbit-dev] Pushing bcprov and bcpkix 1.51 into Orbit

[Matthias Sohn <matthias.sohn@xxxxxxxxx>]

On Wed, May 6, 2015 at 6:46 PM, Roland Grunberg <rgrunber@xxxxxxxxxx> wrote:

Hey everyone,

I plan to push bcprov-jdk15on, and bcpkix-jdk15on 1.51 (CQ 9636,
CQ 9589) into Orbit for Mars but given Bugs 390058, and 391302 I thought
I would first check here to confirm this isn't going to affect anyone
else's work. As far as I can tell, bouncycastle packages never made it
in due to the JCE provider signature corruption issue.

The com.spotify.docker.client library I intend to finally push only uses
bcprov/bcpkix API and doesn't need it registered as a JCE Provider. Looking
at comment #16 in Bug 390058, it seems an acceptable workaround to let the
build sign the jar and simply use bouncycastle API. Does anyone have any
issue with using this approach ?

I'd be willing to try out some other solution to get both cases working if
anyone is aware of one. Did generating an embedded jar where the outer one
is signed by the build, and the inner one is left as-is ever work ?

Bouncycastle 1.51 libraries contain proper OSGi manifests (this wasn't the case

for 1.47 which I failed to provide in Orbit due to the mentioned JCE signing issues).

So sticking to the original signing and not resigning them with Eclipse signature

should avoid breaking the JCE signatures.

We (JGit) plan to go for Bouncycastle 1.52 and filed corresponding CQs.

-Matthias