"Invalid signature file" when attempting to run a .jar

D

24

510

My java program is packaged in a jar file and makes use of an external jar library, bouncy castle. My code compiles fine, but running the jar leads to the following error:

Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes

I've googled for over an hour searching for an explanation and found very little of value. If anyone has seen this error before and could offer some help, I would be obliged.

Dacha answered 16/6, 2009 at 3:49 Comment(4)

are you trying to sign your own jar? if so, how are you attempting to sign it? – Brisket 16/6, 2009 at 3:53

No, at least I don't think I am. Xcode may be attempting to sign it on its own, but there doesn't appear to be any setting to turn this off. – Dacha 16/6, 2009 at 4:35

don't forget to check if jars containing implemented interfaces are also signed! – Biologist 19/3, 2020 at 17:30

Just opened the jar with 7zip, deleted the .SF files. I did not have any .RSA files to delete – Araujo 7/7, 2022 at 14:57

P

48

The solution listed here might provide a pointer.

Invalid signature file digest for Manifest main attributes

Bottom line :

It's probably best to keep the official jar as is and just add it as a dependency in the manifest file for your application jar file.

Puzzler answered 16/6, 2009 at 4:9 Comment(7)

How would I reflect this in the manifest file? I've never edited one before. I'm using Xcode, and the common convention is to put external jar libraries in the myproject/lib directory for inclusion, which is what I am doing. – Dacha 16/6, 2009 at 4:35

@Dacha .. as is the case with Intelli-J – Blalock 5/7, 2014 at 2:56

Unfortunately some of us use things like "maven shade plugin" so including verbatim copies of the original jar is not as easy in those cases... – Verena 11/6, 2015 at 18:26

shameless plug to answer on this site: https://mcmap.net/q/47042/-valid-jar-signature-for-javafx-projects – Encomium 21/6, 2017 at 19:35

what about maven-assembly-plugin? It resolve this issue in my case – Serosa 22/5, 2018 at 12:30

If you need to find out which of your direct and transitive dependencies are signed, you can do this: mvn dependency:copy-dependencies This will copy all the dependencies into target/dependency, then cd into that directory and run: for j in ls *.jar; do jar tvf $j | grep -E 'META-INF/.+\.DSA|META-INF/.+\.SF|META-INF/.+\.RSA' && echo $j; done – Balakirev 25/11, 2020 at 2:32

If you need to find out which of your direct and transitive dependencies are signed, you can do this: mvn dependency:copy-dependencies This will copy all the dependencies into target/dependency, then cd into that directory and run: for j in $(ls *.jar); do jar tvf $j | grep -E 'META-INF/.+\.DSA|META-INF/.+\.SF|META-INF/.+\.RSA' && echo $j; done – Balakirev 25/11, 2020 at 2:40

S

1205

For those who got this error when trying to create a shaded uber-jar with maven-shade-plugin, the solution is to exclude manifest signature files by adding the following lines to the plugin configuration:

<configuration>
    <filters>
        <filter>
            <artifact>*:*</artifact>
            <excludes>
                <exclude>META-INF/*.SF</exclude>
                <exclude>META-INF/*.DSA</exclude>
                <exclude>META-INF/*.RSA</exclude>
            </excludes>
        </filter>
    </filters>
    <!-- Additional configuration. -->
</configuration>

Snood answered 19/7, 2011 at 7:25 Comment(9)

I used this method for my uber-jar, and it worked great. There is a full POM example at maven.apache.org/plugins/maven-shade-plugin/examples/… that shows this method filtering the included files. – Precedential 28/9, 2011 at 13:28

I was tempted to start a whole new thread - but since this is number 1 in Googles results - it seemed apt to keep it here. The lines listed here are in the POM file I am using - and I am still getting the security error when running the application. It builds fine - and of course runs fine when NOT doing an Uber jar - as expected. And while that is Certainly an option - keep them separate - it doesn't solve the issue if you want an Uber Jar. – Huntingdonshire 17/5, 2016 at 9:19

This works for me but...why did we have to ignore the signature files? Im sure signature manifest are there for a reason.... – Atheroma 15/5, 2017 at 21:23

Make sure to do "mvn clean" after doing above! – Confiscatory 27/8, 2018 at 19:26

@JerylCook The signature files are there to indicate that the contents of this jar have these files. When you make an uber jar, you're adding a bunch more files to the jar, and thus the signature is not correct. If you really wanted, you could re-sign the new jar, but of course it would be with your signature, not the old one. Alternatively, you could not distribute the uber jar, but instead include the signed jar as a separate file, but then that defeats the purpose of an uber jar in the first place. – Liggins 22/1, 2019 at 12:45

@Liggins Thank you for that info. That's so useful that I encourage you to edit this answer to include that explanation! – Maje 13/9, 2020 at 4:0

FWIW appears you only have to exclude the *.SF files, then it works... – Verena 24/11, 2020 at 18:43

This doesn't really explain what is wrong with the signatures in the first place unless I missed something. In my case I need to sign my uber jar so I can't remove the signatures but I still get the exception – Savdeep 1/3, 2023 at 23:47

this solves the signature mismatch issue but cause another issue in my project:

org.apache.velocity.exception.VelocityException: The specified class for ResourceManager (org.apache.velocity.runtime.resource.ResourceManagerImpl) does not exist or is not accessible to the current classloader.

– Flapjack 18/3 at 1:31

R

160

For those using gradle and trying to create and use a fat jar, the following syntax might help.

jar {
    doFirst {
        from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } 
    }
    exclude 'META-INF/*.RSA', 'META-INF/*.SF','META-INF/*.DSA' 
}

Reservist answered 21/1, 2013 at 15:15 Comment(7)

This just basically excludes all files with extensions of .RSA, .SF, or .DSA inside the META-INF directory. – Reservist 12/11, 2013 at 14:42

Signing a jar file adds these files under META-INF, but when they are included, the signatures no longer agree with the jar contents. Thus removing them avoids the signature mismatch. – Disappointed 4/4, 2014 at 23:54

I am wondering if there is a way to disable those checkings on the eclipse side ? – Nikolaus 29/7, 2015 at 12:23

what if you don't want all compile dependencies? – Turgite 12/3, 2016 at 9:26

There is a similar question strictly about using fat jar in gradle - #4872156 – Selfabasement 6/4, 2016 at 18:45

This didn't work for me. I had to put the exclude to my fatJar task, which had that configurations.compile.collect command. See https://mcmap.net/q/47040/-using-gradle-to-build-a-jar-with-dependencies – Crossbred 10/5, 2016 at 8:50

This solves also the error Error: Could not find or load main class App Caused by: java.lang.ClassNotFoundException: App – Royster 18/11, 2019 at 17:22

W

84

Please use the following command

zip -d yourjar.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'

Weidar answered 9/6, 2016 at 17:3 Comment(5)

Thank you, I had this problem with intellij 14 and your solution works for me! – Typewrite 27/10, 2016 at 10:50

Thank you, worked for me in Windows. Just opened the jar with 7zip, deleted the .SF files. I did not have any .RSA files to delete – Ingoing 22/3, 2017 at 8:44

Wow, can I just say this solution was amazing (and I learned something very powerful along the way!) This needs more upvoting. – Plastic 6/12, 2017 at 18:55

I agree with the comment of @Dylan_Larkin, this is what solved it for me. – Lineate 24/11, 2018 at 17:40

should be zip -d yourjar.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*DSA' – Sateia 3/11, 2020 at 16:46

P

63

Some of your dependencies are likely signed jarfiles. When you combine them all into one big jarfile, the corresponding signature files are still present, and no longer match the "big combined" jarfile, so the runtime halts thinking the jar file has been tampered with (which it...has so to speak).

Assuming you're using ant, you can solve the problem by eliminating the signature files from your jarfile dependencies. Unfortunately, it's not possible to do this in one step in ant.

However, I was able to get this working with Ant in two steps, without specifically naming each jarfile dependency, by using:

<target name="jar" depends="compile" description="Create one big jarfile.">
    <jar jarfile="${output.dir}/deps.jar">
        <zipgroupfileset dir="jars">
            <include name="**/*.jar" />
        </zipgroupfileset>
    </jar>
    <sleep seconds="1" />
    <jar jarfile="${output.dir}/myjar.jar" basedir="${classes.dir}">
        <zipfileset src="${output.dir}/deps.jar" excludes="META-INF/*.SF" />
        <manifest>
            <attribute name="Main-Class" value="com.mycompany.MyMain" />
        </manifest>
    </jar>
</target>

The sleep element is supposed to prevent errors about files with modification dates in the future.

Other variations I found in the linked threads didn't work for me.

Placeeda answered 14/12, 2011 at 1:9 Comment(1)

It's possible to do in one step, using a different way to specify your jars: <jar destfile="build/myjar.jar"> <restrict> <not><name name="META-INF/*.SF" /></not> <archives> <zips> <fileset dir="jarfolder" includes="*/.jar"/> </zips> </archives> </restrict> </jar> – Heliozoan 16/4, 2013 at 12:13

P

48

The solution listed here might provide a pointer.

Invalid signature file digest for Manifest main attributes

Bottom line :

It's probably best to keep the official jar as is and just add it as a dependency in the manifest file for your application jar file.

Puzzler answered 16/6, 2009 at 4:9 Comment(7)

How would I reflect this in the manifest file? I've never edited one before. I'm using Xcode, and the common convention is to put external jar libraries in the myproject/lib directory for inclusion, which is what I am doing. – Dacha 16/6, 2009 at 4:35

@Dacha .. as is the case with Intelli-J – Blalock 5/7, 2014 at 2:56

Unfortunately some of us use things like "maven shade plugin" so including verbatim copies of the original jar is not as easy in those cases... – Verena 11/6, 2015 at 18:26

shameless plug to answer on this site: https://mcmap.net/q/47042/-valid-jar-signature-for-javafx-projects – Encomium 21/6, 2017 at 19:35

what about maven-assembly-plugin? It resolve this issue in my case – Serosa 22/5, 2018 at 12:30

If you need to find out which of your direct and transitive dependencies are signed, you can do this: mvn dependency:copy-dependencies This will copy all the dependencies into target/dependency, then cd into that directory and run: for j in ls *.jar; do jar tvf $j | grep -E 'META-INF/.+\.DSA|META-INF/.+\.SF|META-INF/.+\.RSA' && echo $j; done – Balakirev 25/11, 2020 at 2:32

If you need to find out which of your direct and transitive dependencies are signed, you can do this: mvn dependency:copy-dependencies This will copy all the dependencies into target/dependency, then cd into that directory and run: for j in $(ls *.jar); do jar tvf $j | grep -E 'META-INF/.+\.DSA|META-INF/.+\.SF|META-INF/.+\.RSA' && echo $j; done – Balakirev 25/11, 2020 at 2:40

C

30

Security is already a tough topic, but I'm disappointed to see the most popular solution is to delete the security signatures. JCE requires these signatures. Maven shade explodes the BouncyCastle jar file which puts the signatures into META-INF, but the BouncyCastle signatures aren't valid for a new, uber-jar (only for the BC jar), and that's what causes the Invalid signature error in this thread.

Yes, excluding or deleting the signatures as suggested by @ruhsuzbaykus does indeed make the original error go away, but it can also lead to new, cryptic errors:

java.security.NoSuchAlgorithmException: PBEWithSHA256And256BitAES-CBC-BC SecretKeyFactory not available

By explicitly specifying where to find the algorithm like this:

SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC","BC");

I was able to get a different error:

java.security.NoSuchProviderException: JCE cannot authenticate the provider BC

JCE can't authenticate the provider because we've deleted the cryptographic signatures by following the suggestion elsewhere in this same thread.

The solution I found was the executable packer plugin that uses a jar-in-jar approach to preserve the BouncyCastle signature in a single, executable jar.

UPDATE:

Another way to do this (the correct way?) is to use Maven Jar signer. This allows you to keep using Maven shade without getting security errors. HOWEVER, you must have a code signing certificate (Oracle suggests searching for "Java Code Signing Certificate"). The POM config looks like this:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-shade-plugin</artifactId>
    <version>3.1.0</version>
    <executions>
        <execution>
            <phase>package</phase>
            <goals>
                <goal>shade</goal>
            </goals>
            <configuration>
                <filters>
                    <filter>
                        <artifact>org.bouncycastle:*</artifact>
                        <excludes>
                            <exclude>META-INF/*.SF</exclude>
                            <exclude>META-INF/*.DSA</exclude>
                            <exclude>META-INF/*.RSA</exclude>
                        </excludes>
                    </filter>
                </filters>
                <transformers>
                    <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                        <mainClass>your.class.here</mainClass>
                    </transformer>
                </transformers>
                <shadedArtifactAttached>true</shadedArtifactAttached>
            </configuration>
        </execution>
    </executions>
</plugin>
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jarsigner-plugin</artifactId>
    <version>1.4</version>
    <executions>
        <execution>
            <id>sign</id>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
        <execution>
            <id>verify</id>
            <goals>
                <goal>verify</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <keystore>/path/to/myKeystore</keystore>
        <alias>myfirstkey</alias>
        <storepass>111111</storepass>
        <keypass>111111</keypass>
    </configuration>
</plugin>

No, there's no way to get JCE to recognize a self-signed cert, so if you need to preserve the BouncyCastle certs, you have to either use the jar-in-jar plugin or get a JCE cert.

Caro answered 2/9, 2017 at 14:31 Comment(4)

This is definitely the right way to do it, even if it's work intensive. Thanks for pointing out, in detail, the caveats with using the approved answer. Do you know if the JCE cert has to be signed by Sun? Or can – Stochastic 18/10, 2017 at 15:3

There are third parties that can issue code signing certs. Search for "Java Code Signing Certificate" to see options. – Caro 19/10, 2017 at 15:34

You, sir, made my day! – Micco 28/2, 2018 at 10:51

Helped for me. There are some files in this library, that I don't use, so except them help me with fat-jar file – Ambulacrum 25/12, 2019 at 16:24

F

28

I had this problem when using IntelliJ IDEA 14.01.

I was able to fix it by:

File->Project Structure->Add New (Artifacts)->jar->From Modules With Dependencies on the Create Jar From Module Window:

Select you main class

JAR File from Libraries Select copy to the output directory and link via manifest

Floruit answered 11/12, 2014 at 18:7 Comment(1)

Is it possible to put the dependent jars into the target jar? – Mewl 28/6, 2017 at 4:29

H

20

I faced the same issue, after reference somewhere, it worked as below changing:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-shade-plugin</artifactId>
    <version>3.2.1</version>
    <configuration>
        <createDependencyReducedPom>false</createDependencyReducedPom>
    </configuration>
    <executions>
        <execution>
            <phase>package</phase>
            <goals>
                <goal>shade</goal>
            </goals>
            <configuration>
                <filters>
                    <filter>
                        <artifact>*:*</artifact>
                        <excludes>
                            <exclude>META-INF/*.SF</exclude>
                            <exclude>META-INF/*.DSA</exclude>
                            <exclude>META-INF/*.RSA</exclude>
                        </excludes>
                    </filter>
                </filters>
            </configuration>
        </execution>
    </executions>
</plugin>

Hilburn answered 12/3, 2019 at 10:13 Comment(3)

This solved my issue swiftly! For completeness, this should go in the maven-shade-plugin tag. – Blastema 20/3, 2019 at 16:0

@Blastema Updated the anwser with your suggestion. Thanks – Hilburn 21/3, 2019 at 1:57

Thanks solved my problem to deploy a java serverless – Gimble 19/6, 2020 at 19:55

B

8

Assuming you build your jar file with ant, you can just instruct ant to leave out the META-INF dir. This is a simplified version of my ant target:

<jar destfile="app.jar" basedir="${classes.dir}">
    <zipfileset excludes="META-INF/**/*" src="${lib.dir}/bcprov-jdk16-145.jar"></zipfileset>
    <manifest>
        <attribute name="Main-Class" value="app.Main"/>
    </manifest>
</jar>

Blanchette answered 5/9, 2010 at 7:2 Comment(1)

where i should add these lines? – Ulick 21/9, 2019 at 10:33

K

6

I've recently started using IntelliJ on my projects. However, some of my colleagues still use Eclipse on the same projects. Today, I've got the very same error after executing the jar-file created by my IntelliJ. While all the solutions in here talking about almost the same thing, none of them worked for me easily (possibly because I don't use ANT, maven build gave me other errors which referred me to http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException, and also I couldn't figure out what are the signed jars by myself!)

Finally, this helped me

zip -d demoSampler.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*SF'

Guess what's been removed from my jar file?!

deleting: META-INF/ECLIPSE_.SF 
deleting: META-INF/ECLIPSE_.RSA

It seems that the issue was relevant to some eclipse-relevant files.

Knowle answered 9/6, 2018 at 4:50 Comment(0)

F

6

I had the same issue in gradle when creating a fat Jar; updating the build.gradle file with an exclude line corrected the problem.

jar {
    from {
        configurations.compile.collect {
            it.isDirectory() ? it : zipTree(it)
        }
    }
    exclude 'META-INF/*.RSA', 'META-INF/*.SF','META-INF/*.DSA'
    manifest {
        attributes 'Main-Class': 'com.test.Main'
    }
}

Fivepenny answered 16/1, 2019 at 15:34 Comment(3)

I was debugging for days, this solved my fat jar issue. – Marivaux 7/11, 2019 at 0:40

The way I debugged is to put the fat jar in jmeter lib directory. If you have the problematic jar in lib/ext, this problem won't be obvious, rather you will get an error like the one in #37624687 – Marivaux 7/11, 2019 at 0:57

exclude 'META-INF/*.RSA', 'META-INF/*.SF','META-INF/*.DSA' This was missing, some dependent jar was causing the issue – Downturn 24/4, 2020 at 5:49

T

3

In case you're using gradle, here is a full farJar task:

version = '1.0'
//create a single Jar with all dependencies
task fatJar(type: Jar) {
    manifest {
        attributes 'Implementation-Title': 'Gradle Jar File Example',  
            'Implementation-Version': version,
            'Main-Class': 'com.example.main'
    }
    baseName = project.name + '-all'
    from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
    exclude 'META-INF/*.RSA', 'META-INF/*.SF','META-INF/*.DSA' 
    with jar
}

Tannenwald answered 11/5, 2018 at 14:27 Comment(0)

O

2

Compare the folder META-INF in new jar with old jar (before you added new libraries). It is possibility that there will be new files. If yes, you can remove them. It should helps. Regards, 999michal

Ossicle answered 2/6, 2010 at 14:12 Comment(0)

S

2

A strategy would consist in using ANT to simplify the removal of the signature from each Jar file. It would proceed with the following steps:

Copying the MANIFEST.MF in a temporary file
Removing the Name and SHA entries from the temporary file
Creating a temporary Jar file with the temporary manifest
Removing the temporary manifest
Swapping the original Jar file with the temporary one

Here is an ANT macrodef doing the work:

<macrodef name="unsignjar" description="To unsign a specific Jar file">
    <attribute name="jarfile" 
        description="The jar file to unsign" />
    <sequential>
<!-- Copying to the temporary manifest file -->
        <copy toFile="@{jarFile}_MANIFEST.tmp">
            <resources>
                <zipentry zipfile="@{jarFile}" name="META-INF/MANIFEST.MF"/>
            </resources>
        </copy>
<!-- Removing the Name and SHA entries from the temporary file -->
        <replaceregexp file="@{jarFile}_MANIFEST.tmp" match="\nName:(.+?)\nSH" replace="SH" flags="gis" byline="false"/>
        <replaceregexp file="@{jarFile}_MANIFEST.tmp" match="SHA(.*)" replace="" flags="gis" byline="false"/>
<!-- Creating a temporary Jar file with the temporary manifest -->
        <jar jarfile="@{jarFile}.tmp"
            manifest="@{jarFile}_MANIFEST.tmp">
            <zipfileset src="@{jarFile}">
                <include name="**"/>
                <exclude name="META-INF/*.SF"/>
                <exclude name="META-INF/*.DSA"/>
                <exclude name="META-INF/*.RSA"/>
            </zipfileset>
        </jar>
<!-- Removing the temporary manifest -->
        <delete file="@{jarFile}_MANIFEST.tmp" />
<!-- Swapping the original Jar file with the temporary one -->
        <move file="@{jarFile}.tmp"
              tofile="@{jarFile}"
              overwrite="true" />
</sequential>

`

The definition can then be called this way in an ANT task:

<target name="unsignJar">
    <unsignjar jarFile="org.test.myjartounsign.jar" />
</target>

Seamanship answered 8/8, 2016 at 11:28 Comment(0)

M

2

Error: A JNI error has occurred, please check your installation and try again Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:314) at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:268) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:316) at java.util.jar.JarVerifier.update(JarVerifier.java:228) at java.util.jar.JarFile.initializeVerifier(JarFile.java:383) at java.util.jar.JarFile.getInputStream(JarFile.java:450) at sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:977) at sun.misc.Resource.cachedInputStream(Resource.java:77) at sun.misc.Resource.getByteBuffer(Resource.java:160) at java.net.URLClassLoader.defineClass(URLClassLoader.java:454) at java.net.URLClassLoader.access$100(URLClassLoader.java:73) at java.net.URLClassLoader$1.run(URLClassLoader.java:368) at java.net.URLClassLoader$1.run(URLClassLoader.java:362) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:361) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:495)

What helped me (IntelliJ IDEA 2016.3): File -> Project Structure -> Artifacts -> Add JAR -> Select Main Class -> Choose "copy to the output directory and link via manifest" -> OK -> Apply -> Build -> Build Artifacts... -> Build

Moffitt answered 11/2, 2017 at 9:16 Comment(0)

S

1

It's possible that two different signers mess up java mind.

Try removing META-INF folder from jar, adding manifest and signing JAR again, it helped me: http://jehy.ru/articles/2013/12/13/invalid-signature-file-digest-for-manifest-main-attributes/

Sihunn answered 13/12, 2013 at 7:9 Comment(1)

+1 for the link. Removing META-INF*.RSA and META-INF*.SF from the jars I was working with solved the issues for me. YMMV – Stepparent 10/4, 2014 at 14:55

W

1

If you are looking for a Fat JAR solution without unpacking or tampering with the original libraries but with a special JAR classloader, take a look at my project here.

Disclaimer: I did not write the code, just package it and publish it on Maven Central and describe in my read-me how to use it.

I personally use it for creating runnable uber JARs containing BouncyCastle dependencies. Maybe it is useful for you, too.

Worldly answered 4/8, 2018 at 11:43 Comment(0)

T

1

You can use Shadow to generate a jar.

Shadow is a Gradle plugin for combining a project's dependency classes and resources into a single output Jar. The combined Jar is often referred to a fat-jar or uber-jar.

Modify build.gradle

plugins {
    ...
    // ① Add the shadow plugin
    id "com.github.johnrengelman.shadow" version "5.2.0"
}

...
// ② Config the shadow jar, its name is baseName-1.0-classifier.jar
shadowJar {
    archiveBaseName.set('baseName')
    archiveClassifier.set('classifier')
    archiveVersion.set('1.0')
    manifest {
        attributes 'Main-Class': 'Main'
    }
}

// ③ Disable the default jar task
jar.enabled = false
// ④ Execute the shadowJar task when compiling
build.dependsOn(shadowJar)

Execute the command gradle build, the jar file will be generated:
- <Project Directory>/build/libs/baseName-1.0-classifier.jar

Thud answered 11/4, 2021 at 13:31 Comment(0)

M

0

For those who have trouble with the accepted solution, there is another way to exclude resource from shaded jar with DontIncludeResourceTransformer:

https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#DontIncludeResourceTransformer

          <transformers>
            <transformer implementation="org.apache.maven.plugins.shade.resource.DontIncludeResourceTransformer">
                <resource>BC1024KE.DSA</resource>
            </transformer>
          </transformers>

From Shade 3.0, this transformer accepts a list of resources. Before that you just need to use multiple transformer each with one resource.

Mayoralty answered 9/9, 2019 at 6:30 Comment(0)

A

0

This happened to me in Intellij when I clicked "Add as a Maven Project" on bottom line when Intellij said "non-managed pom files found.". Meanwhile out folder was already generated. So it did not get recent changes.

Deleting out folder and running the program solved the issue for me. out folder was then recreated.

See the answer of Little Fox as well. The error I received was very similar to his.

Adipocere answered 15/1, 2020 at 8:14 Comment(0)

H

0

For someone who using kotlin script(kts) as building script:

task("fatJar", type = Jar::class) {
baseName = "${project.name}-fat"
manifest {
    attributes["Implementation-Title"] = "Watcher Jar File"
    attributes["Implementation-Version"] = version
    attributes["Main-Class"] = "MainKt"
}
from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) }) {
    exclude(listOf("META-INF/*.RSA", "META-INF/*.SF", "META-INF/*.DSA"))
}
with(tasks.jar.get() as CopySpec)

}

Heffner answered 3/11, 2022 at 1:51 Comment(0)

G

0

As @MattW mentioned, doing this on a JCE provider (like BouncyCastle) can cause new exceptions to occur.

Regardless, if you want to fix the error mentioned in the OP, and you use Gradle Kotlin Build Script, you can use following code to make it work:

tasks.withType<Jar> {
    excludes += listOf("META-INF/*.SF", "META-INF/*.DSA", "META-INF/*.RSA")
}

This will exclude a list of files from tasks with type "Jar", regardless of what tasks these are.

Gum answered 28/4, 2023 at 10:25 Comment(0)

R

-1

I had a similar problem. The reason was that I was compiling using a JDK with a different JRE than the default one in my Windows box.

Using the correct java.exe solved my problem.

Rolph answered 2/8, 2010 at 12:54 Comment(0)

E

-3

If you're getting this when trying to bind JAR files for a Xamarin.Android bindings project like so:

JARTOXML : warning J2XA006: missing class error was raised while reflecting com.your.class : Invalid signature file digest for Manifest main attributes

Just open the JAR files using Winzip and delete the meta-inf directories. Rebuild - job done

Echinoderm answered 23/9, 2014 at 9:30 Comment(1)

This is a horrible technique. Absolutely Horrible. Make the corrections locally don't make changes to incoming jars – Heirdom 6/6, 2016 at 14:16

UPDATE:

Recommended topics

Hot tags