[ 
https://issues.apache.org/jira/browse/ARIES-2124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Amichai Rothman updated ARIES-2124:
-----------------------------------
    Description: 
The aries-jax-rs-whiteboard karaf feature requires the bundle 
mvn:org.apache.aries.spec/org.apache.aries.javax.jax.rs-api/1.0.1. This bundle, 
in turn, contains an embedded jar and Bundle-ClassPath = 
.,lib/geronimo-osgi-locator.jar.
This embedded jar is corrupt:
{quote}
$ unzip -t lib/geronimo-osgi-locator.jar        
Archive:  lib/geronimo-osgi-locator.jar 
   testing: META-INF/                OK 
   testing: META-INF/MANIFEST.MF    bad extra-field entry: 
     EF block length (61373 bytes) exceeds remaining EF data (4 bytes)

$ jar tf lib/geronimo-osgi-locator.jar
java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field 
size) 
       at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1736)
{quote}

Even worse, other mechanisms that scan for resources within bundles balk at 
this (with the same ZipException) when scanning this bundle even if they have 
nothing to do with the jaxrs whiteboard. So this issue also breaks various 
unrelated application components.

Note that the ZipFile exception may be related to changes in the JDK (11.0.20?) 
that added stricter validity checks on zip files, however even after an 
additional fix in JDK-8313765, using 11.0.20.1, this still occurs - presumably 
because the file is truly corrupt (as shown by the unzip/jar tools). Also 
setting the system property 
-Djdk.util.zip.disableZip64ExtraFieldValidation=true (as referenced in some of 
the linked JDK issues) doesn't help in this case.

btw I couldn't find where the source for org.apache.aries.javax.jax.rs-api is, 
and maven central has a few newer releases up to 1.0.4, but all contain the 
same embedded corrupt jar. Further, I'm not sure where the corrupt 
geronimo-osgi-locator.jar came from. Maven central has a 
geronimo-osgi-locator-1.0.jar and a geronimo-osgi-locator-1.1.jar, neither of 
which are corrupt.

  was:
The aries-jax-rs-whiteboard karaf feature requires the bundle 
mvn:org.apache.aries.spec/org.apache.aries.javax.jax.rs-api/1.0.1. This bundle, 
in turn, contains an embedded jar and Bundle-ClassPath = 
.,lib/geronimo-osgi-locator.jar.
This embedded jar is corrupt:
{quote}
$ unzip -t lib/geronimo-osgi-locator.jar        
Archive:  lib/geronimo-osgi-locator.jar 
   testing: META-INF/                OK 
   testing: META-INF/MANIFEST.MF    bad extra-field entry: 
     EF block length (61373 bytes) exceeds remaining EF data (4 bytes)

$ jar tf lib/geronimo-osgi-locator.jar
java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field 
size) 
       at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1736)
{quote}

Even worse, other mechanisms that scan for resources within bundles balk at 
this (with the same ZipException) when scanning this bundle even if they have 
nothing to do with the jaxrs whiteboard. So this issue also breaks various 
unrelated application components.

Note that the ZipFile exception may be related to changes in the JDK (11.0.20?) 
that added stricter validity checks on zip files, however even after an 
additional fix in JDK-8313765, using 11.0.20.1, this still occurs - presumably 
because the file is truly corrupt (as shown by the unzip/jar tools).

btw I couldn't find where the source for org.apache.aries.javax.jax.rs-api is, 
and maven central has a few newer releases up to 1.0.4, but all contain the 
same embedded corrupt jar. Further, I'm not sure where the corrupt 
geronimo-osgi-locator.jar came from. Maven central has a 
geronimo-osgi-locator-1.0.jar and a geronimo-osgi-locator-1.1.jar, neither of 
which are corrupt.


> Embedded jar file is corrupt
> ----------------------------
>
>                 Key: ARIES-2124
>                 URL: https://issues.apache.org/jira/browse/ARIES-2124
>             Project: Aries
>          Issue Type: Bug
>          Components: jax-rs-whiteboard
>    Affects Versions: jax-rs-whiteboard-2.0.2
>            Reporter: Amichai Rothman
>            Priority: Critical
>
> The aries-jax-rs-whiteboard karaf feature requires the bundle 
> mvn:org.apache.aries.spec/org.apache.aries.javax.jax.rs-api/1.0.1. This 
> bundle, in turn, contains an embedded jar and Bundle-ClassPath = 
> .,lib/geronimo-osgi-locator.jar.
> This embedded jar is corrupt:
> {quote}
> $ unzip -t lib/geronimo-osgi-locator.jar        
> Archive:  lib/geronimo-osgi-locator.jar 
>    testing: META-INF/                OK 
>    testing: META-INF/MANIFEST.MF    bad extra-field entry: 
>      EF block length (61373 bytes) exceeds remaining EF data (4 bytes)
> $ jar tf lib/geronimo-osgi-locator.jar
> java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data 
> field size) 
>        at java.base/java.util.zip.ZipFile$Source.zerror(ZipFile.java:1736)
> {quote}
> Even worse, other mechanisms that scan for resources within bundles balk at 
> this (with the same ZipException) when scanning this bundle even if they have 
> nothing to do with the jaxrs whiteboard. So this issue also breaks various 
> unrelated application components.
> Note that the ZipFile exception may be related to changes in the JDK 
> (11.0.20?) that added stricter validity checks on zip files, however even 
> after an additional fix in JDK-8313765, using 11.0.20.1, this still occurs - 
> presumably because the file is truly corrupt (as shown by the unzip/jar 
> tools). Also setting the system property 
> -Djdk.util.zip.disableZip64ExtraFieldValidation=true (as referenced in some 
> of the linked JDK issues) doesn't help in this case.
> btw I couldn't find where the source for org.apache.aries.javax.jax.rs-api 
> is, and maven central has a few newer releases up to 1.0.4, but all contain 
> the same embedded corrupt jar. Further, I'm not sure where the corrupt 
> geronimo-osgi-locator.jar came from. Maven central has a 
> geronimo-osgi-locator-1.0.jar and a geronimo-osgi-locator-1.1.jar, neither of 
> which are corrupt.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
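
An added example (not part of the original report and not Aries or JDK code): a Python check that walks each central-directory (CEN) entry's extra field as ID/length blocks and flags a block whose declared length overruns the extra area, the kind of inconsistency unzip reports above. The sample archive, its 0xCAFE block, the reuse of 61373 as the bad length and the function names are constructed for illustration; zip64 end records are not handled.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CEN_SIG = b"PK\x01\x02"    # central directory file header


def check_cen_extra_fields(data: bytes):
    """Return [(entry_name, header_id, declared_len, bytes_left)] for each CEN
    extra-field block whose declared length exceeds the remaining extra data."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: total entries at +10, central directory size at +12, offset at +16
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    problems = []
    for _ in range(count):
        if data[pos:pos + 4] != CEN_SIG:
            raise ValueError(f"bad CEN signature at offset {pos}")
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        start = pos + 46 + name_len          # fixed CEN header is 46 bytes
        name = data[pos + 46:start].decode("utf-8", "replace")
        extra = data[start:start + extra_len]
        off = 0
        while len(extra) - off >= 4:         # each block: 2-byte ID, 2-byte length
            header_id, block_len = struct.unpack_from("<HH", extra, off)
            left = len(extra) - off - 4
            if block_len > left:
                problems.append((name, header_id, block_len, left))
                break
            off += 4 + block_len
        pos = start + extra_len + comment_len
    return problems


def build_sample(corrupt: bool) -> bytes:
    """Constructed sample: one-entry archive carrying a 4-byte extra block."""
    buf = io.BytesIO()
    info = zipfile.ZipInfo("META-INF/MANIFEST.MF")
    info.extra = struct.pack("<HH", 0xCAFE, 0)   # ID 0xCAFE, zero-length data
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, "Manifest-Version: 1.0\n")
    raw = bytearray(buf.getvalue())
    if corrupt:
        cen = raw.find(CEN_SIG)
        name_len = struct.unpack_from("<H", raw, cen + 28)[0]
        # Overwrite the block's length field so it claims more data than exists
        struct.pack_into("<H", raw, cen + 46 + name_len + 2, 61373)
    return bytes(raw)
```

Running `check_cen_extra_fields` over the bytes of each embedded jar named in a bundle's Bundle-ClassPath gives a build-time gate that does not depend on which JDK version later opens the bundle.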
