Skip to content

Unsign all dependency JARs during build #47757

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 8, 2025
Merged

Unsign all dependency JARs during build #47757

merged 1 commit into from
May 8, 2025

Conversation

gastaldi
Copy link
Contributor

@gastaldi gastaldi commented May 8, 2025
edited
Loading

This will unsign all dependency JARs when building to prevent SecurityExceptions from happening

@gastaldi gastaldi requested review from galderz and gsmet May 8, 2025 04:44
@quarkus-bot quarkus-bot bot added the area/core label May 8, 2025
@gastaldi gastaldi force-pushed the jarunsigner branch 4 times, most recently from 37d0548 to d1b8e92 Compare May 8, 2025 04:59
@gastaldi gastaldi changed the title Unsign all dependency JARs during native build Unsign all dependency JARs during build May 8, 2025
@gastaldi gastaldi requested a review from maxandersen May 8, 2025 05:04
@maxandersen
Copy link
Member

What is/was the fix ? On first glance code is just moved to another class? But otherwise called in the same places ?

@quarkus-bot quarkus-bot

This comment has been minimized.

Sign in to view
maxandersen
maxandersen reviewed May 8, 2025
View reviewed changes
Copy link
Member

@maxandersen maxandersen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 - i actually thought this was what we already did.

That this now unsign any signed jars (but only if signed) + That it is done using code that keep the same timestamps is a win.

maxandersen
maxandersen approved these changes May 8, 2025
View reviewed changes
Copy link
Member

@maxandersen maxandersen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm +1 on this but have suggestion on better logging but that can be done separatly if need be.

@gastaldi gastaldi added triage/backport triage/waiting-for-ci Ready to merge when CI successfully finishes labels May 8, 2025
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented May 8, 2025
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit fdf08f0.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

Flaky tests - Develocity

⚙️ JVM Integration Tests - JDK 21

📦 integration-tests/opentelemetry-grpc-only

io.quarkus.it.opentelemetry.grpc.HelloGrpcClientTest.testHello - History

  • java.lang.RuntimeException: Failed to start quarkus - java.lang.RuntimeException
java.lang.RuntimeException: java.lang.RuntimeException: Failed to start quarkus
	at io.quarkus.test.junit.QuarkusTestExtension.throwBootFailureException(QuarkusTestExtension.java:695)
	at io.quarkus.test.junit.QuarkusTestExtension.interceptTestClassConstructor(QuarkusTestExtension.java:793)
	at java.base/java.util.Optional.orElseGet(Optional.java:364)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
Caused by: java.lang.RuntimeException: Failed to start quarkus
	at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)

@gastaldi gastaldi merged commit 89ae963 into quarkusio:main May 8, 2025
57 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.23 - main milestone May 8, 2025
@gastaldi gastaldi deleted the jarunsigner branch May 8, 2025 16:23
@quarkus-bot quarkus-bot bot added kind/bugfix and removed triage/waiting-for-ci Ready to merge when CI successfully finishes labels May 8, 2025
@gsmet gsmet modified the milestones: 3.23 - main, 3.22.3 May 13, 2025
@jmartisk jmartisk modified the milestones: 3.22.3, 3.20.2 Jun 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxandersen maxandersen maxandersen approved these changes

@galderz galderz Awaiting requested review from galderz

@gsmet gsmet Awaiting requested review from gsmet

Assignees
No one assigned
Labels
area/core kind/bugfix triage/flaky-test
Projects
None yet
Milestone
3.20.2
Development

Successfully merging this pull request may close these issues.

Native executable cannot be built with signed Jars containing beans
4 participants
@gastaldi @maxandersen @jmartisk @gsmet