带有 Jetty 和 Maven Shade 插件的 Manifest 主要属性的无效签名文件摘要

Invalid signature file digest for Manifest main attributes w/ Jetty and Maven Shade Plugin

我看过其他一些关于此主题的 SO 问答,但到目前为止 none 的解决方案对我有用:

我们将 Jetty 与 Maven Shade 插件一起用于开源应用程序:

https://github.com/OneBusAway/onebusaway-gtfs-realtime-from-nextbus-cli

我们开始在构建中遇到以下错误:

$ java -jar onebusaway-gtfs-realtime-from-nextbus-cli.jar
Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
    at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
    at sun.security.util.SignatureFileVerifier.process(Unknown Source)
    at java.util.jar.JarVerifier.processEntry(Unknown Source)
    at java.util.jar.JarVerifier.update(Unknown Source)
    at java.util.jar.JarFile.initializeVerifier(Unknown Source)
    at java.util.jar.JarFile.getInputStream(Unknown Source)
    at sun.misc.URLClassPath$JarLoader.getInputStream(Unknown Source)
    at sun.misc.Resource.cachedInputStream(Unknown Source)
    at sun.misc.Resource.getByteBuffer(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.access0(Unknown Source)
    at java.net.URLClassLoader.run(Unknown Source)
    at java.net.URLClassLoader.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.launcher.LauncherHelper.checkAndLoadMain(Unknown Source)

这是我们的问题跟踪器上的问题:

https://github.com/OneBusAway/onebusaway-gtfs-realtime-from-nextbus-cli/issues/6

看起来这是 Jetty 中的一个错误:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=371954

来自上面的错误报告:

There is an issue with javax.servlet-2.5.0.v201103041518.jar packaging on which jetty-7.6.1.v20120215 depends: in the META-INF directory of the javax.servlet jar are found files ECLIPSEF.RSA and ECLIPSEF.SF.

If you generate a jar with maven that uses jetty, you get those 2 files in the META-INF directory of the final jar, and if you run it you get an Exception:

java.lang.SecurityException: Invalid signature file digest for Manifest main attributes

The fix is to exclude the 2 offending files from the generated jars.

The unwanted files can be excluded with the maven-shade-plugin adding to a POM:

<plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-shade-plugin</artifactId>
 <version>1.4</version>
 <executions>
  <execution>
   <goals>
    <goal>shade</goal>
   </goals>
   <configuration>
     <filters>
    <filter>
          <artifact>org.eclipse.jetty.orbit:javax.servlet</artifact>
        <excludes>
          <exclude>META-INF/ECLIPSEF.RSA</exclude>
              <exclude>META-INF/ECLIPSEF.SF</exclude>
              <exclude>META-INF/eclipse.inf</exclude>
        </excludes>
        </filter>
       </filters>
    </configuration>
   </execution>
  </executions>
</plugin>

添加:

<filters>
    <filter>
        <artifact>org.eclipse.jetty.orbit:javax.servlet</artifact>
            <excludes>
                <exclude>META-INF/ECLIPSEF.RSA</exclude>
                <exclude>META-INF/ECLIPSEF.SF</exclude>
                <exclude>META-INF/eclipse.inf</exclude>
            </excludes>
    </filter>
</filters>

... 我们的 pom.xml 为我们工作。