RFR: 8218021: Have jarsigner preserve posix permission attributes
Seán Coffey
sean.coffey at oracle.com
Thu Jul 2 08:10:53 UTC 2020
Thanks for the review Alan. I'm in contact with Max already about
possible follow up enhancements in this area. It would be worked via a
follow on JBS record.
Regarding the error message, I'm fine with your suggestion. We can go
with this then:
"POSIX file permission attributes detected. These attributes are ignored
when signing and are not protected by the signature."
regards,
Sean.
On 02/07/2020 08:59, Alan Bateman wrote:
> On 30/06/2020 14:51, Seán Coffey wrote:
>>
>> :
>>
>> During the CSR review, a suggestion was made to have jarsigner
>> preserve such attributes by default. Warnings about these attributes
>> will also be added during signing and verify operations (if detected).
>>
> Yes, signing should be additive so the original proposal to drop
> information from the UNIX extra block would be surprising. The
> intersection of those using zip/other tools to create zip files and
> then signing them with jarsigner is probably small but it would still
> be confusing for signing to lose information. Having jarsigner refuse
> to sign these zip files by default, with an option to override, would
> be a reasonable approach. The current proposal to print a warning
> seems okay too.
>
> I've skimmed through webrev.8218021.v5 which has this warning:
>
> "POSIX file permission attributes detected. Note that these attributes
> are unsigned and not protected by the signature."
>
> I realize you've agreed this with the other Reviewers but I think that
> "Note that these attributes are unsigned ..." is confusing as it could
> be interpreted to mean that they have to be signed by some other
> means, or even that the warning is because they are using unsigned
> values.
>
> It might be better to tweak the second part to make it a bit clearer,
> up to you but something like "These attributes are ignored when
> signing and are not protected by the signature".
>
> -Alan
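
An added example, not part of the thread or of the jarsigner source: a way to list which entries of an archive carry the POSIX permission attributes the warning refers to, before or after signing. It assumes the permissions sit in the ZIP central directory's external attributes field of UNIX-made entries; the function names, the review policy and the sample archive are constructed for illustration.

```python
import io
import stat
import zipfile

UNIX_HOST = 3  # ZIP "version made by" host value for UNIX


def posix_modes(jar_bytes):
    """Map entry name -> POSIX mode bits for entries that carry any."""
    modes = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            # On UNIX-made entries the high 16 bits of the external
            # attributes field hold the st_mode value.
            mode = stat.S_IMODE(info.external_attr >> 16)
            if info.create_system == UNIX_HOST and mode:
                modes[info.filename] = mode
    return modes


def needs_review(modes):
    """This example's own policy: setuid, setgid or world-writable entries."""
    risky = stat.S_ISUID | stat.S_ISGID | stat.S_IWOTH
    return sorted(name for name, mode in modes.items() if mode & risky)


def build_sample():
    """Constructed in-memory archive standing in for a JAR built with zip tools."""
    entries = [
        ("META-INF/MANIFEST.MF", 0, 0),            # no POSIX attributes
        ("bin/run.sh", UNIX_HOST, 0o100755),
        ("bin/helper", UNIX_HOST, 0o104755),       # setuid bit set
        ("conf/app.properties", UNIX_HOST, 0o100666),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, host, mode in entries:
            info = zipfile.ZipInfo(name)
            info.create_system = host
            info.external_attr = mode << 16
            zf.writestr(info, b"constructed sample data\n")
    return buf.getvalue()


if __name__ == "__main__":
    found = posix_modes(build_sample())
    for name, mode in found.items():
        print(f"{name}: {oct(mode)} (not covered by the JAR signature)")
    print("review:", needs_review(found))
```

Because these bits are outside what the signature protects, a successful verification says nothing about whether they were changed after signing.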