maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylwester Lachiewicz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MASSEMBLY-873) Maven-Assembly-Plugin freezes when building jar-with-dependencies of project depending on org.bouncycastle:bcprov-jdk15on:1.58
Date Mon, 30 Jul 2018 21:12:00 GMT

    [ https://issues.apache.org/jira/browse/MASSEMBLY-873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16562510#comment-16562510
] 

Sylwester Lachiewicz commented on MASSEMBLY-873:
------------------------------------------------

See my analys and comment [https://github.com/codehaus-plexus/plexus-io/issues/12]

??With cache disabled in class sun.net.www.protocol.jar.JarURLConnection.JarURLInputStream
with every close() - jar file is closed also. For jars like Bouncycastle with signatures inside
- reading every entry (ie open jar) involves signature verification - that is why we see slow
performance.??

??java.util.jar.JarFile#getInputStream??

 

> Maven-Assembly-Plugin freezes when building jar-with-dependencies of project depending
on org.bouncycastle:bcprov-jdk15on:1.58
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MASSEMBLY-873
>                 URL: https://issues.apache.org/jira/browse/MASSEMBLY-873
>             Project: Maven Assembly Plugin
>          Issue Type: Bug
>    Affects Versions: 3.1.0
>         Environment: Maven 3.5.2, Java 8u151 (32-bit) as well as 9.0 (64-bit), Windows
10
>            Reporter: Michael Schierl
>            Priority: Major
>         Attachments: pom.xml
>
>
> To reproduce:
> 1. Create a new directory
> 2. Add attached pom.xml (no other sources required to reproduce; in real world you would
add some source that uses BouncyCastle lib, too).
> 3. Run {{mvn package}}
> Actual result:
> Maven hangs after 
> {{[INFO] Building jar: C:\Daten\Eigenes\svn\iota\hang\target\bug-1.0-SNAPSHOT-jar-with-dependencies.jar}}
> , consuming one CPU core.
> Expected result:
> Maven builds a package containing no own source and the dependency (bouncycastle)
> Workaround:
> In maven local repository, edit the .jar file of BouncyCastle and remove the `META-INF\BC*`
files. Then the package can be built again. So it seems to be caused somehow by verifying
signed jar files.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message