John D. Ament
Jul 3, 2017, 9:02:43 PM7/3/17
to MicroProfile
Hi,
It's a two-for process and technology question I have here.
At Apache Geronimo, we're trying to implement the Config spec. It's mostly from Mark's original POC. We're having some issues with CI runs specifically the JARs being generated and their signatures. OWB generates proxies in the same packages as the packages used by the signed JARs. Due to the signatures, we're seeing errors like this:
arquillianBeforeTest(org.eclipse.microprofile.config.tck.ConfigProviderTest) Time elapsed: 0.769 sec <<< FAILURE!
java.lang.RuntimeException: Could not inject members
Caused by: org.apache.webbeans.exception.ProxyGenerationException: java.lang.SecurityException: class "org.eclipse.microprofile.config.Config$$OwbNormalScopeProxy0"'s signer information does not match signer information of other classes in the same package
Caused by: java.lang.SecurityException: class "org.eclipse.microprofile.config.Config$$OwbNormalScopeProxy0"'s signer information does not match signer information of other classes in the same package
So I'm wondering, is there any special requirements to generate proxies for the TCK classes? Or are there special SecurityManager requirements for working with Eclipse Signed JARs?
You can take a look at our build output at https://builds.apache.org/view/E-G/view/Geronimo%20Components%20and%20Specs/job/GeronimoConfig/76/console
John
Mark Struberg
Jul 4, 2017, 3:12:32 AM7/4/17
to MicroProfile
Hi!
We also figured another issue while trying to upgrade to RC1
This points to a parent pom which didn't get released. So this pom is strictly seen invalid. You cannot build a project with it :(
Sorry for only seeing it now.
Emily Jiang
Jul 4, 2017, 7:30:00 AM7/4/17
to MicroProfile
Thanks for reporting this, John and Mark! Can either of you raise an issue on the config repo, so that we can get it solved asap?
Emily
Emily Jiang
Jul 4, 2017, 12:07:48 PM7/4/17
to MicroProfile
I had a quick look at the error message. Could this mean that you have two identical jars included somewhere?
I googled a bit on this same symptom and this might be of your interest.
Towards the end, I saw this:
The root problem was that I included the Hamcrest library twice. Once using Maven pom file. And I also added the JUnit 4 library (which also contains a Hamcrest library) to the project's build path. I simply had to remove JUnit from the build path and everything was fine.
Emily
I googled a bit on this same symptom and this might be of your interest.
Towards the end, I saw this:
The root problem was that I included the Hamcrest library twice. Once using Maven pom file. And I also added the JUnit 4 library (which also contains a Hamcrest library) to the project's build path. I simply had to remove JUnit from the build path and everything was fine.
Emily
Ondrej Mihályi
Jul 4, 2017, 6:25:15 PM7/4/17
to MicroProfile
Hi Mark,
Thanks for reporting the issue with missing parent pom. I deliberately avoided deploying the artifact because I thought it's only needed to build other artifacts. I probably don't have enough knowledge of maven and didn't test if the parent artifact wouldn't be missing.
I've deployed the parent POM now: microprofile-config-parent-1.0-RC1.pom
--Ondro
Mark Struberg
Jul 4, 2017, 6:28:59 PM7/4/17
to MicroProfile
Txs Ondrej!
Ondrej Mihályi
Jul 4, 2017, 6:55:32 PM7/4/17
to MicroProfile
Hi John,
Do you know what is exactly the problem with signatures?
Is the signature on the API JAR file itself a problem? Can OWB work with signed JARs and avoid creating classes in the packages used by the JARs? Or if a JAR is signed, it would always be a problem?
Eclipse requires that all downloadables are signed unless there are technical reasons not to do it. The signed JAR is a standard signed JAR file with a signature provided by Eclipse.
I guess we could avoid the signature with this release since we are in incubation, but we should find a way to work with signed artifacts.
--Ondro
Ondrej Mihályi
Jul 4, 2017, 7:23:57 PM7/4/17
to MicroProfile
Hi John,
Packages in signed JARs cannot be modified by adding new classes, therefore the code in OWB generates a different package name when it detects signed class.
Can you check whether this code it gets hit for the Config interface in the failing tests and whether classToProxy.getSigners() is not null for it?
--Ondro
John D. Ament
Jul 4, 2017, 9:09:37 PM7/4/17
to MicroProfile
Ondrej,
Looks like that block of code was just changed today in OWB, meaning it wouldn't have supported signer JARs before today.
Now it looks like Weld may have the same issue.
John
Emily Jiang
Jul 5, 2017, 5:16:26 AM7/5/17
to MicroProfile
Is OWB working with the signed jars now with the new change? Different runtime might have used the api jars differently. If Weld has the same issue, Weld might have to make the similar changes. I'll get in touch with Weld dev to make sure.
Emily
Emily
John D. Ament
Jul 5, 2017, 7:32:02 AM7/5/17
to MicroProfile
I've already reported the issue to the weld team: https://issues.jboss.org/browse/WELD-2402
In addition, it seems like the Weld Arquillian container completely ignores services defined in JARs within WAR files, so that will need a new release to run the config suite with JBoss Weld: https://github.com/arquillian/arquillian-container-weld/issues/39
Reply all
Reply to author
Forward
0 new messages