Print a warning when default extractDependencies would result in duplicate file or break jar signature

Description

extractDependencies now defaults to true which may surprise plugin devs blindly upgrading used sdk from pre-4.1

This matters in 3 circumstances we might warn about when extracting:

  • clashing file when resources are not package-scoped (happens)

  • clashing file(s) in META-INF (e.g. Spring Scanner metadata files, which have fixed paths and names)

  • LICENSE.TXT - sort of handled on clash by adding a suffix, but when there is only 1 LICENSE.TXT in included JAR it just pollutes your jar AFAIR

  • unpacking a signed jar (in real life this happened to me only with bcprov I shouldn't have included anyway, but still possible with other jars)

Environment

None

Testing Notes

None

Assignee

Unassigned

Reporter

Slawek Ginter

Labels

None

Add-on Type

None

Team

None

CC

None

Risk factor

None

QA Kickoff Status

None

QA Demo Status

None

Story point estimate

None

Fix versions

Priority

Minor
Configure