问题
I've seen a few other SO Q&As on this topic, but so far none of the solutions have worked for me:
- "Invalid signature file" when attempting to run a .jar
- Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
- Valid JAR signature for JavaFX projects
We're using Jetty for an open-source application, along with the Maven Shade Plugin:
https://github.com/OneBusAway/onebusaway-gtfs-realtime-from-nextbus-cli
We started getting the following error in builds:
$ java -jar onebusaway-gtfs-realtime-from-nextbus-cli.jar
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
at sun.security.util.SignatureFileVerifier.process(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarFile.initializeVerifier(Unknown Source)
at java.util.jar.JarFile.getInputStream(Unknown Source)
at sun.misc.URLClassPath$JarLoader$2.getInputStream(Unknown Source)
at sun.misc.Resource.cachedInputStream(Unknown Source)
at sun.misc.Resource.getByteBuffer(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.launcher.LauncherHelper.checkAndLoadMain(Unknown Source)
Here's the issue on our issue tracker:
https://github.com/OneBusAway/onebusaway-gtfs-realtime-from-nextbus-cli/issues/6
回答1:
Looks like this is a bug in Jetty:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=371954
From the above bug report:
There is an issue with javax.servlet-2.5.0.v201103041518.jar packaging on which jetty-7.6.1.v20120215 depends: in the META-INF directory of the javax.servlet jar are found files ECLIPSEF.RSA and ECLIPSEF.SF.
If you generate a jar with maven that uses jetty, you get those 2 files in the META-INF directory of the final jar, and if you run it you get an Exception:
java.lang.SecurityException: Invalid signature file digest for Manifest main attributesThe fix is to exclude the 2 offending files from the generated jars.
The unwanted files can be excluded with the maven-shade-plugin adding to a POM:
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-shade-plugin</artifactId> <version>1.4</version> <executions> <execution> <goals> <goal>shade</goal> </goals> <configuration> <filters> <filter> <artifact>org.eclipse.jetty.orbit:javax.servlet</artifact> <excludes> <exclude>META-INF/ECLIPSEF.RSA</exclude> <exclude>META-INF/ECLIPSEF.SF</exclude> <exclude>META-INF/eclipse.inf</exclude> </excludes> </filter> </filters> </configuration> </execution> </executions> </plugin>
Adding the:
<filters>
<filter>
<artifact>org.eclipse.jetty.orbit:javax.servlet</artifact>
<excludes>
<exclude>META-INF/ECLIPSEF.RSA</exclude>
<exclude>META-INF/ECLIPSEF.SF</exclude>
<exclude>META-INF/eclipse.inf</exclude>
</excludes>
</filter>
</filters>
... to our pom.xml worked for us.
来源:https://stackoverflow.com/questions/32259504/invalid-signature-file-digest-for-manifest-main-attributes-w-jetty-and-maven-sh