[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [p2-dev] Galileo mirroring problem. [SOLUTION]
- From: Thomas Hallgren <thomas@xxxxxxx>
- Date: Sat, 09 May 2009 13:00:05 +0200
- Delivered-to: firstname.lastname@example.org
- User-agent: Thunderbird 220.127.116.11 (X11/20090320)
The problem was threefold:
1. Buckminster uses its own Pack200 implementation and the Java
Pack200.Packer has two methods:
pack(JarInputStream input, OutputStream out);
pack(JarFile input, OutputStream out);
The former obtains the Manifest from the JarInputStream.getManifest()
method and then writes it back. During that flow the parser/writer seems
to change a byte or two in the manifest itself. The consequence of using
this pack method is that the manifest digest is no longer valid in some
respects, which brings us to problem #2.
2. The default jarsigner at build.eclipse.org is and old 1.4.2 version.
Apparently it doesn't check the manifest digest. Hence my confusion that
the unpacked jars seemed valid.
3. The OSGi SignatureVerifier doesn't discover the invalid manifest when
using a IBM J9 Java 6. I haven't been able to pinpoint why that is. The
Java 5 version always fails and so does a Sun Java 6 on other machines.
The solution was to change Buckminsters jarpacker to use the other
Packer.pack() method. A bit unfortunate since it broke an otherwise
very efficient pipe scheme. But I can live with that :-)
Thanks for your help and support. I added some suggestions on how to
improve the way we handle pack200 on