Take a plugin which has a dependency on maven-plugin, such as copyartifact. Now update the dependency to 2.7.1 and try to run functional tests. Everything blows up:
=== Starting CopyArtifactTest.testMavenJobWithArchivePostBuildStep ... hudson.model.AbstractBuild$AbstractBuildExecution reportError WARNING: Publisher hudson.tasks.ArtifactArchiver aborted due to exception java.lang.SecurityException: class "org.jenkinsci.remoting.CallableDecorator"'s signer information does not match signer information of other classes in the same package at java.lang.ClassLoader.checkCerts(ClassLoader.java:952) at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666) at java.lang.ClassLoader.defineClass(ClassLoader.java:794) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:449) at java.net.URLClassLoader.access$100(URLClassLoader.java:71) at java.net.URLClassLoader$1.run(URLClassLoader.java:361) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:425) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308) at java.lang.ClassLoader.loadClass(ClassLoader.java:358) at jenkins.FilePathFilter.current(FilePathFilter.java:108) at hudson.FilePath.reading(FilePath.java:2677) at hudson.FilePath.access$000(FilePath.java:190) at hudson.FilePath$40.invoke(FilePath.java:2034) at hudson.FilePath$40.invoke(FilePath.java:2027) at hudson.FilePath.act(FilePath.java:980) at hudson.FilePath.act(FilePath.java:958) at hudson.FilePath.copyRecursiveTo(FilePath.java:2027) at jenkins.model.StandardArtifactManager.archive(StandardArtifactManager.java:61) at hudson.tasks.ArtifactArchiver.perform(ArtifactArchiver.java:218) at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:74) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:734) at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1037) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:683) at hudson.model.Run.execute(Run.java:1770) at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529) at hudson.model.ResourceController.execute(ResourceController.java:89) at hudson.model.Executor.run(Executor.java:240)
This is because remoting.jar is signed (which IMO it should not be), yet SECURITY-144-compat.jar is not.
As a workaround it suffices to add
<exclusions> <exclusion> <groupId>org.jenkins-ci</groupId> <artifactId>SECURITY-144-compat</artifactId> </exclusion> </exclusions>
to the dependency, but this is not going to be sustainable if other plugins start adding the dep too.
- is blocking
-
JENKINS-24887 Workflow support of Copyartifact
-
- Closed
-
- links to