We had a scala application which was being built by command sbt dist
this uses the native packager to create a zip file and dumps all the jar files imported by SBT into the zip file.
This worked for us but after some some we realized that some jar files have same class files (but different versions) and we get run time errors regarding missing methods etc.
So we used sbt assembly
and defined a merge strategy to build a fat jar which has the right class files.
However now after building the fat jar I am getting JCE errors
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
at javax.crypto.Cipher.getInstance(Cipher.java:657)
at javax.crypto.Cipher.getInstance(Cipher.java:596)
at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createCipher(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.OperatorHelper.createCipher(Unknown Source)
at org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder$1.recoverKeyData(Unknown Source)
... 24 more
Caused by: java.util.jar.JarException: file:/fat.jar has unsigned entries - -base__DDLMigration.sql
at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:464)
at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:322)
at javax.crypto.JarVerifier.verify(JarVerifier.java:250)
at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:160)
at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:186)
at javax.crypto.Cipher.getInstance(Cipher.java:653)
So it seems that the jar files were signed and when we just dumped the individual jar files into a zip file everything worked. Now when we move individual classes into a fat jar then the signing is lost.
So for every class which was inside of a signed jar file and now was moved to a fat jar we get errors because the fat jar lost the signing information of the original jar.
You can remove the
DSA
andSF
entries fromMETA-INF/MANIFEST.MF
to make the jar unsigned. Or remove the wholeMETA-INF/MANIFEST.MF
.