New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrading to 1.78 results in class not found errors when running in OSGI containers #1621
Comments
This reverts commit c237cdf. Bouncy Castle 1.78 has broken OSGi metadata: the package imports in MANIFEST.MF are missing. See also [1] and [2]. [1] bcgit/bc-java#1621 [2] eclipse-platform/eclipse.platform.releng.aggregator#1968 (comment)
This reverts commit 718d121. Bouncy Castle 1.78 has broken OSGi metadata: the package imports in MANIFEST.MF are missing. See also [1] and [2]. [1] bcgit/bc-java#1621 [2] eclipse-platform/eclipse.platform.releng.aggregator#1968 (comment) Change-Id: Iedec921215dabe0b63fb0dd7f6a4b28c18f854a0 Signed-off-by: Thomas Wolf <twolf@apache.org>
These broken manifests make BC 1.78 unusable in OSGi environments. Would be nice if this could be fixed and a patch release be published. |
Try what's on https://downloads.bouncycastle.org/betas/ if that works I'll put together a proper one upload it to Maven Central. |
@tomaswolf have you been able to successfully use the 1.78.1 versions linked above? We've installed those in our local Maven repo and the project is now failing to compile altogether. Looking at the bcpkix manifest file, it's still missing the required import-package entries. |
No, but I didn't try. I did download them and looked at the manifests, and they still have the same problem. I guess the reason (for bcpg) is this manifest setting. This is missing something for importing "org.bouncycastle.*", possibly with a version (range). Same for the other bundles. |
Ah, thanks @tomaswolf - I seem to have fixed only one of 2 problems. I've uploaded a new set of 1.78.1 jars to https://downloads.bouncycastle.org/betas this one adds the missing import - they appear to activate in my local version of kharaf. In case of caching, sha256 checksums for the latest: 6635bcdafb39922aef0245ecf291963db63e3d716e8176d7ebefb1d91609a4d0 core/build/libs/core-1.78.1.jar |
The manifests look better, but this doesn't work yet. In Eclipse we use bcprov, bcpkix, bcpg, and bcutil. With these 1.78.1 JARs I get:
bcpg imports (The class also is twice in the git rpo, once here and once there.) Apart from that:
|
I also tried with following 5 JARs from the betas site: I get also NoClassDefFoundError for: `Caused by: java.lang.ExceptionInInitializerError: Exception java.lang.NoClassDefFoundError: org/bouncycastle/asn1/oiw/OIWObjectIdentifiers [in thread "FelixStartLevel"] Thanks for your effort 👍 |
Thanks for the additional info, I think this time I've actually managed to get the plugin and myself in agreement Have been able to set the bundle names back to what they were for 1.77 as well as well as deal with the versioning and the odd import issue. I found a couple more missing exports as well. 3c82b92198957dd6c1bba6ab16e131497257186187199158c33855bbbccc26c9 core/build/libs/core-1.78.1.jar Let me know, it it checks out, I'll put this one together as a release. |
Thanks for the update. In particular, thanks for changing back the Bundle-SymbolicNames. Getting closer. This now works in Eclipse, but: the import version range is now "1.78.1". In OSGi, this means any version >= 1.78.1 is acceptable, even a future version 4.0.0. This is worse than "[1.78,2)". This should be changed to "[1.78.1,1.79)". |
However, I run into troubles running unit tests. Might be a JUnit problem. In any case I get
To resolve this I have to add bcutil as an extra dependency to the bundle containing the tests. Unclear where this comes from, but I do notice that the bcpg manifest has in its export packages: org.bouncycastle.openpgp;uses:="org.bouncycastle.asn1,org.bouncycastle.bcpg,org.bouncycastle.bcpg.attr,org.bouncycastle.bcpg.sig,org.bouncycastle.gpg,org.bouncycastle.openpgp.operator,org.bouncycastle.util";version="1.78.1" Class PGPUtil also imports various subpackages of asn1. Shouldn't those also appear in the "uses" clause? |
I've done another update which should properly fix the version issue. Here's the checksums: 865d1692fd412079dc3828c827df35286ea20897c5a5439e885c82612bd7c501 core/build/libs/core-1.78.1.jar With bcpg, there is a dependency on it with bcutil now (the pom was missing this is as well, that's been fixed also). It's only a couple of classes at the moment (previously based in bcprov), but with the latest revisions to the PGP specification it's become obvious it's just going to get worse so we decided it was time to add the dependency. Let me know how it goes. Thanks. |
Thanks; this now looks OK and works as far as I can test it. @precoder what about your problem case? |
Thanks @tomaswolf yes @precoder let me know if you're issue is also solved with the latest (I'm confident it is but would like to be sure) and I'll get the update out the door and on Maven Central. |
Now I tested my setup again and it works without any ClassNotFoundExceptions. Thanks for your fast response time and fix :) |
1.78.1 is now starting to appear on Maven Central and bouncycastle.org. |
This is broken for me.
Causing this build failure https://github.com/square/okhttp/actions/runs/8751257626/job/24016483153?pr=8364#step:7:762
|
Oh boy... okay, I've fixed the ones available on the BC website, while dealing with that error I've also made the change @tomaswolf suggested of using "[1.78.1,1.79)" for imports as well. If for some reason you're stuck on Maven Central, it's safe to keep using 1.78, there's 2 minor changes in 1.78.1, they're really edge conditions though, so annoying if you run into them, but if you don't, they simply don't matter. We can't replace the artifacts on Maven Central. Let me know how you go. |
I'm not blocked, I'll just skip that bump |
Just so everyone is clear - this second issue applies to the jdk15to18 builds - they use a second, as it turns out, fragile, tool chain. The original issue reported here is still fixed. As things would have it, the jdk15to18 builds are actually okay for 1.78, the .1 release resulted in a script error which caused the invalid 1..78 to appear. People who must use Maven and are unaffected by the edge case that was also fixed in 1.78.1 can use the 1.78 release on Maven Central without OSGi issues - it's only if the rejecting invalid X.509 extensions issue affects you that you need 1.78.1 (which is now corrected for jdk15to18 on the BC website). |
We've recently upgraded from 1.77 to 1.78 and are observing the following error:
Our platform uses OSGI. From what we can see,
bcpkix-jdk18on
library is missing a substantial amount of entries from theImport-Package
section of its Manifest file. In 1.77 there are explicit import entries forbcprov
packages which have now been removed and are causing these issues when using the libraries in OSGI environments.The text was updated successfully, but these errors were encountered: