java.security.NoSuchAlgorithmException when installing signed jar files in Maven/Tycho build
Summary
Eclipse LSAT uses the eclipse-jarsigner-plugin to sign its jars. The eclipse-jarsigner-plugin in turn uses the signing service at http://build.eclipse.org:31338/sign to create a signed jar file. Suddenly the build fails (no configuration changes were made) as the signed jars cannot be installed into the built Eclipse 2020-06 anymore due to a java.security.NoSuchAlgorithmException: No algorithm found for 1.2.840.113549.1.1.12
After investigation it seems that the jars in the latest builds are signed with a different/newer signature algorithm than before and this algorithm is not supported by the older Eclipse and/or Java version.
Old signing information:
- Signed by "EMAILADDRESS=webmaster@eclipse.org, CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA"
Digest algorithm: SHA-256
Signature algorithm: SHA384withRSA, 4096-bit key
Timestamped by "CN=Symantec SHA256 TimeStamping Signer - G3, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on di nov 01 16:22:04 UTC 2022
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withRSA, 2048-bit key
New signing information:
- Signed by "EMAILADDRESS=webmaster@eclipse.org, CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA"
Digest algorithm: SHA-256
Signature algorithm: SHA384withSHA384withRSA, 4096-bit key
Timestamped by "CN=Symantec SHA256 TimeStamping Signer - G3, OU=Symantec Trust Network, O=Symantec Corporation, C=US" on di jan 31 12:21:16 UTC 2023
Timestamp digest algorithm: SHA-256
Timestamp signature algorithm: SHA256withRSA, 2048-bit key
I already tried to configure other signature algorithms, but without success, see eclipse/lsat/lsat!53 (59568a86). I assume that this will impact many more Eclipse projects, with the result that their new releases can no longer be installed in older Eclipse versions.
Steps to reproduce
Build Eclipse LSAT with the sign profile.
Relevant logs and/or screenshots
12:30:39 [INFO] Installing product org.eclipse.lsat.product for environment linux/gtk/x86_64 to /home/jenkins/agent/workspace/Eclipse_LSAT_build_develop/product/org.eclipse.lsat.product/target/products/org.eclipse.lsat.product/linux/gtk/x86_64/eclipse-lsat-nightly
12:30:39 Installing org.eclipse.lsat.product 0.2.0.v20230130-112038-nightly.
12:30:42 Installation failed.
12:30:42 An error occurred during the org.eclipse.equinox.internal.p2.engine.phases.CheckTrust phase.
12:30:42 session context was:(profile=DefaultProfile, phase=org.eclipse.equinox.internal.p2.engine.phases.CheckTrust, operand=, action=).
12:30:42 Error with signed content.
12:30:42 Caused by:
12:30:42 java.security.NoSuchAlgorithmException: An error occurred while processing the signatures for the file: /home/jenkins/agent/workspace/Eclipse_LSAT_build_develop/product/org.eclipse.lsat.product/target/products/org.eclipse.lsat.product/linux/gtk/x86_64/eclipse-lsat-nightly/plugins/org.eclipse.lsat.activity.diagram.design_0.2.0.v20230130-112038-nightly.jar
12:30:42 Caused by:
12:30:42 java.security.NoSuchAlgorithmException: No algorithm found for 1.2.840.113549.1.1.12
12:30:42 There were errors. See log file: /tmp/tycho3410902364103534361equinox/config/1675077756764.log
Snippet from log: https://ci.eclipse.org/lsat/job/Eclipse%20LSAT%20build/job/develop/3/console
<!-- Sign JARs. -->
<plugin>
  <groupId>org.eclipse.cbi.maven.plugins</groupId>
  <artifactId>eclipse-jarsigner-plugin</artifactId>
  <version>${eclipse.cbi.version}</version>
  <executions>
    <execution>
      <id>sign</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
Maven configuration at: https://gitlab.eclipse.org/eclipse/lsat/lsat/-/blob/develop/releng/org.eclipse.lsat.configuration/pom.xml#L689
Priority
- Urgent
- High
- Medium
- Low
Severity
- Blocker
- Major
- Normal
- Low
Impact
I planned a new Eclipse LSAT release for today, but this issue is blocking the release.
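To compare a jar from a working build with one from a failing build, the following added example (not part of the original report and not Eclipse project code) lists the algorithm OIDs found in a jar's META-INF signature block, such as the 1.2.840.113549.1.1.12 named in the exception. The function names and the sample bytes are constructed for illustration, and the walker assumes definite-length DER.

```python
import zipfile

# Standard names for OIDs that appear in RSA jar signature blocks.
KNOWN_OIDS = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",  # OID from the exception
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
}
# Constructed sample (not a real signature): SEQUENCE { SEQUENCE { OID ...1.1.12, NULL } }
SAMPLE_BLOCK = bytes.fromhex("300f300d06092a864886f70d01010c0500")

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)    # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def collect_oids(der):
    """Walk definite-length DER and return every OID in document order."""
    found, pos = [], 0
    while pos + 2 <= len(der):
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:            # long form: low bits give the number of length bytes
            count = length & 0x7F
            length = int.from_bytes(der[pos:pos + count], "big")
            pos += count
        body = der[pos:pos + length]
        pos += length
        if tag == 0x06:              # OBJECT IDENTIFIER
            found.append(decode_oid(body))
        elif tag & 0x20:             # constructed type: recurse into its children
            found.extend(collect_oids(body))
    return found

def signature_block_oids(jar):
    """Map each META-INF signature block in a jar to the (OID, name) pairs it contains."""
    report = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith((".RSA", ".DSA", ".EC")):
                oids = dict.fromkeys(collect_oids(zf.read(name)))  # de-duplicate, keep order
                report[name] = [(o, KNOWN_OIDS.get(o, "unknown")) for o in oids]
    return report
```

Calling `signature_block_oids` on the path of a jar from each build and comparing the two reports shows which algorithm identifiers differ between them.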