I've been working through various recipes to produce a runnable JAR file for a JavaFX project using a Maven POM. Each of these Stackoverflow questions describes the same problem. It is frustrating that there seems to be several different solutions for the same goal.
problem:
java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
Error when executing a JAR file on the command line. Although Netbeans can happily run the program and debug the program.
diagnosis
There are several Stackoverflow and forum questions about this (most helpful ones below). Even though is a known problem I'm yet to find a clear solution to work with JavaFX. The procedures described in these answers do NOT with the JavaFxPackager tool used to bundle-up your JavaFX JAR:
usual approach: The post popular answer for this question (255 votes at time of writing): works with non-JavaFX modules in our project:
However when we put the same plug-in in the POM that builds the JavaFX JAR file, we still get the: "Invalid signature file digest ..." error. Specifically, I placed the <artifactId>maven-shade-plugin</artifactId>
first before and then after the JavaFxPackager exec rule. The result is
**question*:
How does one manage to package a JavaFX application. This is the POM <build> section
Netbeans sets-up for JavaFX:
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.8</version>
<executions>
<execution>
<id>unpack-dependencies</id>
<phase>package</phase>
<goals>
<goal>unpack-dependencies</goal>
</goals>
<configuration>
<excludeScope>system</excludeScope>
<excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds>
<outputDirectory>${project.build.directory}/classes</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.3.2</version>
<executions>
<execution>
<id>unpack-dependencies</id>
<phase>package</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>${java.home}/../bin/javafxpackager</executable>
<arguments>
<argument>-createjar</argument>
<argument>-nocss2bin</argument>
<argument>-appclass</argument>
<argument>${mainClass}</argument>
<argument>-srcdir</argument>
<argument>${project.build.directory}/classes</argument>
<argument>-outdir</argument>
<argument>${project.build.directory}</argument>
<argument>-outfile</argument>
<argument>${project.build.finalName}.jar</argument>
</arguments>
</configuration>
</execution>
<execution>
<id>default-cli</id>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>${java.home}/bin/java</executable>
<commandlineArgs>${runfx.args}</commandlineArgs>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<compilerArgument>-Xlint:unchecked</compilerArgument> <!-- all -->
<showWarnings>true</showWarnings>
<showDeprecation>true</showDeprecation>
<compilerArguments>
<bootclasspath>${sun.boot.class.path}${path.separator}${java.home}/lib /jfxrt.jar</bootclasspath>
</compilerArguments>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.16</version>
<configuration>
<additionalClasspathElements>
<additionalClasspathElement>${java.home}/lib/jfxrt.jar</additionalClasspathElement>
</additionalClasspathElements>
</configuration>
</plugin>
</plugins>
</build>
The shard plugin
configuration used based on the answer in: "Invalid signature file" when attempting to run a .jar currently looks like this:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<!-- http://maven.apache.org/plugins/maven-shade-plugin/ -->
<!-- http://docs.codehaus.org/display/MAVENUSER/Shade+Plugin -->
<!-- http://zhentao-li.blogspot.com.au/2012/06/maven-shade-plugin-invalid-signature.html -->
<version>2.3</version>
<executions>
<execution>
<id>remove-sign-files</id>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<filters>
<filter>
<artifact>*:*</artifact>
<excludes>
<exclude>classes/META-INF/*.SF</exclude>
<exclude>classes/META-INF/*.DSA</exclude>
<exclude>classes/META-INF/*.RSA</exclude>
</excludes>
</filter>
</filters>
</configuration>
</execution>
</executions>
</plugin>
To keep Netbeans out of the equation as much as possible, I just run
On the command line. This just issue seems to be a frequent problem and I'm hoping someone has cracked the code for JavFX bundling in other JAR files for a JavaFX build.
Other links:
The recommended way to package JavaFX applications is to use a collection of Ant tasks (ant-javafx. jar), provided with the JavaFX SDK and also with JDK 7 Update 6 or later. NetBeans IDE uses these Ant tasks to package JavaFX projects. Embedded packaging support in NetBeans IDE covers most of the typical use cases.
xml file in the main project directory. You can also produce native packages using the JavaFX Packager tool. self-contained application packages are built by default if you use the -makeall command, or you can request them explicitly using the -native option in the -deploy command.
I had a very similar problem; when I included a signed JAR (bouncycastle) in the project. Its signature was repackaged verbatim, resulting in an obvious SecurityException:
java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
Filtering of all sorts failed; the solution that works for me looks like this in the pom.xml:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.8</version>
<executions>
<execution>
<id>unpack-dependencies</id>
<phase>package</phase>
<goals>
<goal>unpack-dependencies</goal>
</goals>
<configuration>
<excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
...
</configuration>
</execution>
</executions>
</plugin>
I omitted some lines after the new one with the "excludes" pattern. This single line was the solution for me - I include the other lines so you can see the placement. (I had trouble with many other postings which omitted the context of a tag, so I try to save others this trouble).
Hope that helps others with the same problem.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With