BOM build passes a fat war to Jenkins test harness causing issues

[jtnord]

Jenkins and plugins versions report

Environment

ci.jenkins.io

What Operating System are you using (both controller, and any agents involved in the problem)?

ci.jenkins.io

Reproduction steps

introduce a plugin that blows up when run in FIPS mode (e.g. eddsa-api)

run a full build of the bom

Expected Results

everything works, no plugins are using eddsa-api so would be unaffected

Actual Results

email-ext blows up as it starts Jenkins in FIPS mode as part of its tests.
the EDDSA plugin is in the FAT war, so it aborts Jenkins startup
https://github.com/jenkinsci/bom/runs/25321736833

Anything else?

=== Starting testFormValidationForInsecureAuth(hudson.plugins.emailext.MailAccountFIPSTest)

org.jvnet.hudson.reactor.ReactorException: java.lang.Error: java.lang.reflect.InvocationTargetException
	at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
	at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
	at jenkins.model.Jenkins.executeReactor(Jenkins.java:1210)
	at jenkins.model.Jenkins.<init>(Jenkins.java:997)
	at hudson.model.Hudson.<init>(Hudson.java:86)
	at org.jvnet.hudson.test.JenkinsRule.newHudson(JenkinsRule.java:747)
	at org.jvnet.hudson.test.JenkinsRule.before(JenkinsRule.java:409)
	at org.jvnet.hudson.test.JenkinsRule$1.evaluate(JenkinsRule.java:650)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.Error: java.lang.reflect.InvocationTargetException
	at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
	at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
	at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
	at jenkins.model.Jenkins$5.runTask(Jenkins.java:1175)
	at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
	at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	... 1 more
Caused by: java.lang.reflect.InvocationTargetException
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
	... 9 more
Caused by: java.lang.IllegalStateException: The eddsa-api plugin is not FIPS compliant and can not be used in a Jenkins configured to run in FIPS-140 mode
	at io.jenkins.plugins.eddsa_api.FIPSComplianceCheck.preventUsageInFipsMode(FIPSComplianceCheck.java:15)
	... 11 more

https://github.com/jenkinsci/email-ext-plugin/blob/1814.v404722f34263/src/test/java/hudson/plugins/emailext/MailAccountFIPSTest.java

Are you interested in contributing a fix?

72bada7

[jtnord]

as well as the issue above the FAT war causes issues with OptionalExtensions from the varient plugin that are marked as active based on a plugin.

According to Jenkins run by the JTH as the fat war has the plugins the plugin is present and loaded.
so OPtional extensions will be loaded.
However the classloader for loading the OptionalExtention will be surefire, and this may well not have the classes in the classpath. This then causes ClassNotFound Exceptions and leads to ugly hacks like adding test scope dependencies to plugins.

[jtnord]

I have not looked (closely or indeed much at all) but seems the use of the fat war would also conflict with anyone using RealJenkinsRule and includeTestClasspathPlugins(false) or omitPlugins. If these plugins where also in the BOM then they will be present regardless when the test would be expecting otherwise.