SNAPSHOT of the DATA project broken by webflow changes

Description

Running with the latest snapshot fails

[DEBUG] Loading keyring for org.springframework.webflow from classloader. [ERROR] Could not load keyring for org.springframework.webflow java.io.IOException: unknown object in stream: 12 at org.bouncycastle.openpgp.PGPObjectFactory.nextObject (Unknown Source) at org.bouncycastle.openpgp.PGPPublicKeyRingCollection.<init> (Unknown Source)

 

I’m guessing this is provoked by this change

commit 21c58cba0e808f2069090d059e9404b584b9578b Date: Mon Sep 18 14:50:04 2023 +0100 JMVN-56 - Prune project signers from webflow https://shibboleth.atlassian.net/browse/JMVN-56

 

And Id SWAG that it is because the keystore is in “new format” which BC (and hence the enforcer) does understand

Environment

None

is blocked by

Activity

Rod Widdowson 
October 30, 2023 at 4:05 PM

gpg -a --no-default-keyring --keyring .\org.springframework.webflow.gpg --import .\keys.asc touch org.springframework.webflow.gpg gpg --always-trust --no-default-keyring --keyring .\org.springframework.webflow.gpg --import .\keys.asc

Fixes that problem, but we then trip over another one - it turns out that (of course) an m2 repository contains history so we see

Could not resolve org.springframework.webflow:spring-binding:3.0.0-RC1:jar.asc

Putting those back (in local signatures) means that we dies because they sigs are not recognised.

I am not sure whether we want to revert both changes or just delete the old stuff from the m2 repositories as we find it. For now I’ll just push the fix for org.springframework.webflow.gpg

Rod Widdowson 
October 30, 2023 at 2:53 PM

Fixed

Details

Assignee

Reporter

Fix versions

Created October 28, 2023 at 7:42 PM
Updated February 21, 2025 at 2:30 PM
Resolved November 5, 2023 at 1:20 PM