Amichai Rothman created ARIES-2124: -------------------------------------- Summary: Embedded jar file is corrupt Key: ARIES-2124 URL: https://issues.apache.org/jira/browse/ARIES-2124 Project: Aries Issue Type: Bug Components: jax-rs-whiteboard Affects Versions: jax-rs-whiteboard-2.0.2 Reporter: Amichai Rothman
The aries-jax-rs-whiteboard karaf feature requires the bundle mvn:org.apache.aries.spec/org.apache.aries.javax.jax.rs-api/1.0.1. This bundle, in turn, contains an embedded jar and Bundle-ClassPath = .,lib/geronimo-osgi-locator.jar. This embedded jar is corrupt: {quote} $ unzip -t lib/geronimo-osgi-locator.jar Archive: lib/geronimo-osgi-locator.jar testing: META-INF/ OK testing: META-INF/MANIFEST.MF bad extra-field entry: EF block length (61373 bytes) exceeds remaining EF data (4 bytes) $jar tf lib/geronimo-osgi-locator.jar java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size) at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1736) {quote} Even worse, other mechanisms that scan for resources within bundles balk at this (with the same ZipException) when scanning this bundle even if they have nothing to do with the jaxrs whiteboard. So this issue also breaks various unrelated application components. Note that the ZipFile exception may be related to changes in the JDK (11.0.20?) that added stricter validity checks on zip files, however even after and additional fix in JDK-8313765, using 11.0.20.1, this still occurs - presumably because the file is truly corrupt (as shown by the unzip/jar tools). btw I couldn't find where the source for org.apache.aries.javax.jax.rs-api is, and maven central has a few newer releases up to 1.0.4, but all contain the same embedded corrupt jar. Further, I'm not sure where the corrupt geronimo-osgi-locator.jar came from. Maven central has a geronimo-osgi-locator-1.0.jar and a geronimo-osgi-locator-1.1.jar, neither of which are corrupt. -- This message was sent by Atlassian Jira (v8.20.10#820010)