www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maxim Solodovnik (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (INFRA-12336) "Invalid signature file digest for Manifest main attributes" after signing
Date Tue, 02 Aug 2016 14:15:20 GMT

     [ https://issues.apache.org/jira/browse/INFRA-12336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Maxim Solodovnik updated INFRA-12336:
-------------------------------------
    Attachment: bcprov-jdk15on-1.54_original.jar
                bcprov-jdk15on-1.54-signed.jar
                bcprov-jdk15on-1.54-self.jar

All jars are added

The difference in Manifest is:

Then self-signed certificate is used, Manifest file is unchanged, only additional signature
files *.DSA, *.SF are added to META-INF folder

Then Symantec service is used MANIFEST.MF is changed
every class has additional SHA1-Digest (Original SHA-256-Digest remains)

Unfortunately it is impossible to change manifest with original :( (I beleive it's expected)

> "Invalid signature file digest for Manifest main attributes" after signing
> --------------------------------------------------------------------------
>
>                 Key: INFRA-12336
>                 URL: https://issues.apache.org/jira/browse/INFRA-12336
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Codesigning
>            Reporter: Maxim Solodovnik
>            Assignee: Mark Thomas
>         Attachments: bcprov-jdk15on-1.54-self.jar, bcprov-jdk15on-1.54-signed.jar, bcprov-jdk15on-1.54_original.jar
>
>
> I'm trying to release Apache Openmeetings.
> We using symantec codesigning to sign distributed Java Web Start application.
> It contains bcprov-jdk15on-1.54.jar
> According to the FAQ [1] to "use signed jars (such as JCE extensions)" I "can multiply
sign the jar, adding code signing certificates over another existing certificate chain"
> and it works as expected in our nightly builds using self-signed certificates.
> Unfortunately I got 
> "Unable to load resource"
> "Invalid signature file digest for Manifest main attributes"
> After signing using Symantec service
> Would appreciate if you can fix it ASAP
> Our build/sign instructions are here [2]
> [1] https://docs.oracle.com/javase/8/docs/technotes/guides/javaws/developersguide/faq.html#s221
> [2] http://openmeetings.apache.org/ReleaseGuide.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message