Print a warning when default extractDependencies would result in duplicate file or break jar signature

Description

extractDependencies now defaults to true, which may surprise plugin devs blindly upgrading the used SDK from pre-4.1.

This matters in 3 circumstances we might warn about when extracting:

  • clashing file when resources are not package-scoped (happens)

  • clashing file(s) in META-INF (e.g. Spring Scanner metadata files, which have fixed paths and names)

  • LICENSE.TXT - sort of handled on clash by adding a suffix, but when there is only 1 LICENSE.TXT in included JAR it just pollutes your jar AFAIR

  • unpacking a signed jar (in real life this happened to me only with bcprov I shouldn't have included anyway, but still possible with other jars)
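A sketch of the pre-extraction check this report asks for, added here as an example; it is not part of the original report and is not the SDK's own code. It flags dependency JARs that carry signature entries and paths owned by more than one JAR. The JAR names, entry paths and the decision to skip `META-INF/MANIFEST.MF` are assumptions made for the example.

```python
import io
import re
import zipfile
from collections import defaultdict

# JAR signature entries (JAR spec): META-INF/*.SF, *.DSA, *.RSA, *.EC, SIG-*
SIG_RE = re.compile(r"^META-INF/([^/]+\.(SF|DSA|RSA|EC)|SIG-[^/]*)$", re.I)

def make_jar(paths):
    """Build an in-memory JAR (a zip) holding the given entry paths."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path in paths:
            jar.writestr(path, b"constructed")
    return buf.getvalue()

def extraction_warnings(plugin_paths, dependency_jars):
    """Return ("signed", jar, None) and ("clash", path, owners) tuples."""
    owners = defaultdict(list)
    for path in plugin_paths:
        owners[path].append("<plugin>")
    warnings = []
    for name in sorted(dependency_jars):
        with zipfile.ZipFile(io.BytesIO(dependency_jars[name])) as jar:
            paths = [i.filename for i in jar.infolist() if not i.is_dir()]
        if any(SIG_RE.match(p) for p in paths):
            # The signature cannot survive unpacking into another JAR.
            warnings.append(("signed", name, None))
        for p in paths:
            # Assumption: signature files and the manifest are not merged.
            if SIG_RE.match(p) or p.upper() == "META-INF/MANIFEST.MF":
                continue
            owners[p].append(name)
    for path in sorted(owners):
        if len(owners[path]) > 1:
            warnings.append(("clash", path, owners[path]))
    return warnings

# Constructed sample input; all names and paths are made up.
PLUGIN = ["com/example/Plugin.class", "messages.properties"]
DEPS = {
    "lib-a.jar": make_jar(["META-INF/MANIFEST.MF", "messages.properties",
                           "META-INF/fixed-metadata/component"]),
    "lib-b.jar": make_jar(["META-INF/MANIFEST.MF", "META-INF/fixed-metadata/component"]),
    "signed-lib.jar": make_jar(["META-INF/MANIFEST.MF", "META-INF/SIGNER.SF",
                                "META-INF/SIGNER.RSA", "org/example/Crypto.class"]),
}

if __name__ == "__main__":
    for kind, subject, who in extraction_warnings(PLUGIN, DEPS):
        print("WARNING", kind, subject, who or "")
```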

Environment

None

Testing Notes

None

Activity

Marcos Scriven
September 30, 2015, 1:45 PM

Closing as this is a very old issue regarding behaviour change of an old version.

Andrew S
February 6, 2018, 4:08 AM

This gotcha is still biting people in 2018. It's not about when we made the change, it's about the fact that silently overwriting files is wrong.

Fixed

Assignee

Unassigned

Reporter

Slawek Ginter

Priority

Minor