RFR: 8356645: Javac should utilize new ZIP file system read-only access mode [v3]

David Beaumont duke at openjdk.org
Wed Jun 18 20:32:13 UTC 2025


On Wed, 18 Jun 2025 20:28:25 GMT, David Beaumont <duke at openjdk.org> wrote:

>> This PR seeks to integrate the new ZipFileSystem "accessMode" parameter to open internal ZIP/JAR files as read only, to act as defense in-depth against accidental modification.
>> 
>> Note that this currently also propagates the (currently undocumented) "zipinfo-time" parameter to several other places where ZIP/JAR files are opened, which is likely to improve performance. This was discussed and is expected to be safe (but it's something to be careful about).
>> This will, of course, be thoroughly tested before integration.
>> 
>> It also unifies several places to use a common helper method to obtain the environment map, adds more comments, and changes a small number of affected tests.
>> 
>> I'm also happy to update the original bug description to include the timestamp related changes as necessary.
>
> David Beaumont has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Some (not all) feedback addressed. Still open questions.

test/langtools/tools/javac/platform/VerifyCTSymClassFiles.java line 60:

> 58:     }
> 59: 
> 60:     private final FSInfo fsInfo = FSInfo.instance(new Context());

I don't think this is actually right unless we make the other cySym code use FSInfo. Happy to hear people's thoughts on this. One benefit here is that we know we've matched the expected ZIP file with the ZIP file system provider, so no need to worry if the environment was going to be honoured.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/25639#discussion_r2155438731


More information about the compiler-dev mailing list