Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25625

SECURITY-144-compat usage breaks tests due to code signing

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: core
    • Labels:
    • Similar Issues:

      Description

      Take a plugin which has a dependency on maven-plugin, such as copyartifact. Now update the dependency to 2.7.1 and try to run functional tests. Everything blows up:

      === Starting CopyArtifactTest.testMavenJobWithArchivePostBuildStep
      ... hudson.model.AbstractBuild$AbstractBuildExecution reportError
      WARNING: Publisher hudson.tasks.ArtifactArchiver aborted due to exception
      java.lang.SecurityException: class "org.jenkinsci.remoting.CallableDecorator"'s signer information does not match signer information of other classes in the same package
      	at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
      	at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
      	at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
      	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
      	at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
      	at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
      	at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
      	at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
      	at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
      	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
      	at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
      	at jenkins.FilePathFilter.current(FilePathFilter.java:108)
      	at hudson.FilePath.reading(FilePath.java:2677)
      	at hudson.FilePath.access$000(FilePath.java:190)
      	at hudson.FilePath$40.invoke(FilePath.java:2034)
      	at hudson.FilePath$40.invoke(FilePath.java:2027)
      	at hudson.FilePath.act(FilePath.java:980)
      	at hudson.FilePath.act(FilePath.java:958)
      	at hudson.FilePath.copyRecursiveTo(FilePath.java:2027)
      	at jenkins.model.StandardArtifactManager.archive(StandardArtifactManager.java:61)
      	at hudson.tasks.ArtifactArchiver.perform(ArtifactArchiver.java:218)
      	at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:74)
      	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:734)
      	at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1037)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:683)
      	at hudson.model.Run.execute(Run.java:1770)
      	at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
      	at hudson.model.ResourceController.execute(ResourceController.java:89)
      	at hudson.model.Executor.run(Executor.java:240)
      

      This is because remoting.jar is signed (which IMO it should not be), yet SECURITY-144-compat.jar is not.

      As a workaround it suffices to add

      <exclusions>
        <exclusion>
          <groupId>org.jenkins-ci</groupId>
          <artifactId>SECURITY-144-compat</artifactId>
        </exclusion>
      </exclusions>
      

      to the dependency, but this is not going to be sustainable if other plugins start adding the dep too.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: