(maven-resolver) branch master updated: [MRESOLVER-681] Sigstore TCCL bugfix (#660)

Tue, 25 Feb 2025 02:31:29 -0800 

This is an automated email from the ASF dual-hosted git repository.

cstamas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-resolver.git


The following commit(s) were added to refs/heads/master by this push:
     new df0e147a [MRESOLVER-681] Sigstore TCCL bugfix (#660)
df0e147a is described below

commit df0e147aa57e2d19312886d8fac59b0835a45353
Author: Tamas Cservenak <[email protected]>
AuthorDate: Tue Feb 25 11:31:18 2025 +0100

    [MRESOLVER-681] Sigstore TCCL bugfix (#660)
    
    Seems Sigstore depends on TCCL, that went unnoticed in
    tests, but it explodes when this generator used as Maven
    extension.
---
 .../aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git 
a/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
 
b/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
index c40c02e2..7e7ca671 100644
--- 
a/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
+++ 
b/maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java
@@ -77,6 +77,8 @@ final class SigstoreSignatureArtifactGenerator implements 
ArtifactGenerator {
 
             // sign relevant artifacts
             ArrayList<Artifact> result = new ArrayList<>();
+            ClassLoader originalClassLoader = 
Thread.currentThread().getContextClassLoader();
+            
Thread.currentThread().setContextClassLoader(KeylessSigner.class.getClassLoader());
             try (KeylessSigner signer = publicStaging
                     ? KeylessSigner.builder().sigstoreStagingDefaults().build()
                     : 
KeylessSigner.builder().sigstorePublicDefaults().build()) {
@@ -122,6 +124,8 @@ final class SigstoreSignatureArtifactGenerator implements 
ArtifactGenerator {
                                 signatureTempFile.toFile()));
                     }
                 }
+            } finally {
+                
Thread.currentThread().setContextClassLoader(originalClassLoader);
             }
             logger.info("Signed {} artifacts with Sigstore", result.size());
             return result;

Reply via email to