
Transformed WAR with signed jars won't deploy.

Open tech-consortium opened this issue 2 years ago • 1 comments

When we transform a war that contains jars signed using jarsigner, we get a java.lang.SecurityException: Invalid signature file digest for Manifest main attributes.

tech-consortium (Aug 12 '22 02:08)

When an artifact is mutated by the transformer, any signatures in the artifact may become invalidated. So the transformed artifact would need to be re-signed by the proper signing authority.

The only thing transformer could do would be to strip out all signatures if the artifact is mutated. There is no way for transformer to re-sign the mutated artifact.

bjhargrave (Aug 12 '22 17:08)

> When an artifact is mutated by the transformer, any signatures in the artifact may become invalidated. So the transformed artifact would need to be re-signed by the proper signing authority.
>
> The only thing transformer could do would be to strip out all signatures if the artifact is mutated. There is no way for transformer to re-sign the mutated artifact.

How to configure last behavior? Thanks

pindaroli (May 15 '24 11:05)

> How to configure last behavior?

Transformer does not have these capabilities. They would need to be added.

bjhargrave (May 15 '24 14:05)

@bjhargrave, we need this capability, too! Would you accept a PR which adds this feature, that is, omits any signature files from a mutated artifact, such that the artifact would be treated as unsigned?

jluehe (Jul 02 '24 12:07)

So you are proposing to submit a PR to strip signatures from a jar if the jar is modified? OK but please include tests to validate the behavior. An unmodified jar should not have its signatures stripped.

bjhargrave (Jul 02 '24 12:07)

Thank you, @bjhargrave - will do! Opened https://github.com/eclipse/transformer/issues/606

jluehe (Jul 02 '24 13:07)

@bjhargrave, I have the changes ready (including unit tests) and should be able to raise PR soon - just FYI

jluehe (Jul 03 '24 20:07)
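
Added example, not part of the thread and not Transformer code: a Python illustration of why a signed jar fails after its manifest is rewritten, and of the signature stripping discussed above. It assumes the `.SF` file records an `<alg>-Digest-Manifest-Main-Attributes` value over the manifest's main section (the full JVM check covers more than this); the jar contents, the `SIGNER` entry names and all helper names are constructed for illustration.

```python
import base64, hashlib, io, re, zipfile

# Signature-related entries named by the JAR specification: META-INF/*.SF, the
# *.RSA / *.DSA / *.EC signature blocks, and META-INF/SIG-* files.
SIG_ENTRY = re.compile(r"^META-INF/([^/]+\.(SF|RSA|DSA|EC)|SIG-[^/]*)$", re.I)
MAIN_DIGEST = re.compile(rb"^([\w-]+)-Digest-Manifest-Main-Attributes: (\S+)", re.M)

def main_attrs(manifest: bytes) -> bytes:
    """Main section of MANIFEST.MF: everything up to and including the first blank line."""
    m = re.search(rb"\r?\n\r?\n", manifest)
    return manifest[: m.end()] if m else manifest

def main_attrs_digest_ok(jar: bytes) -> dict:
    """Map each .SF entry to whether its recorded main-attributes digest still matches."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(jar)) as z:
        section = main_attrs(z.read("META-INF/MANIFEST.MF"))
        for name in z.namelist():
            if SIG_ENTRY.match(name) and name.upper().endswith(".SF"):
                sf = re.sub(rb"\r?\n ", b"", z.read(name))  # unfold 72-byte continuation lines
                m = MAIN_DIGEST.search(sf)
                alg = m.group(1).decode().replace("-", "").lower() if m else ""
                out[name] = bool(m) and base64.b64decode(m.group(2)) == hashlib.new(alg, section).digest()
    return out

def strip_signatures(jar: bytes) -> bytes:
    """Copy the jar without its signature entries; every other entry is kept as is."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar)) as src, zipfile.ZipFile(buf, "w") as dst:
        for info in src.infolist():
            if not SIG_ENTRY.match(info.filename):
                dst.writestr(info, src.read(info.filename))
    return buf.getvalue()

def build_jar(manifest: bytes, sf_manifest: bytes) -> bytes:
    """Constructed sample jar whose .SF digest was computed over sf_manifest."""
    digest = base64.b64encode(hashlib.sha256(main_attrs(sf_manifest)).digest())
    sf = b"Signature-Version: 1.0\r\nSHA-256-Digest-Manifest-Main-Attributes: " + digest + b"\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/SIGNER.SF", sf)
        z.writestr("META-INF/SIGNER.RSA", b"constructed placeholder, not a real signature block")
        z.writestr("com/example/A.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

ORIGINAL = b"Manifest-Version: 1.0\r\nImport-Package: javax.servlet\r\n\r\n"
MUTATED = ORIGINAL.replace(b"javax.servlet", b"jakarta.servlet")  # constructed manifest rewrite
```

`build_jar(MUTATED, ORIGINAL)` models a jar whose manifest was rewritten after signing; `strip_signatures` removes only the signature entries, so the result carries no signature for the JVM to reject.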