RFR: 8345431: Improve jar --validate to detect duplicate or invalid entries [v9]

Lance Andersen lancea at openjdk.org
Tue May 20 16:07:57 UTC 2025 

On Sat, 17 May 2025 01:27:38 GMT, Henry Jen <henryjen at openjdk.org> wrote:

>> This PR check the jar file to ensure entries are consistent from the central directory and local file header. Also check there is no duplicate entry names that could override the desired content by accident.
>
> Henry Jen has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Address review feedback

src/jdk.jartool/share/classes/sun/tools/jar/resources/jar.properties line 285:

> 283: \                             versions.\n\
> 284: \                             Warn if there are duplicate or invalid file names
> 285: 

Would probably be clearer if:

> main.help.opt.main.validate=\
> \      --validate             Validate the contents of the jar archive. This option: \n\
> \                              - Validates that the API exported by a multi-release\n\
> \                                 jar archive is consistent across all different release\n\
> \                                 versions.`
> \                              - Issues a warning if there are invalid or duplicate file names
>

src/jdk.jartool/share/man/jar.md line 222:

> 220: ## Integrity of a jar Archive
> 221: As a jar archive is based on ZIP format, it is possible to create a jar archive using tools
> 222: other than the `jar` command. The `--validate` option performs the following integrity checks:

I would  simplify to:

The `--validate` option  may be used to perform the following integrity checks against a jar archive:

src/jdk.jartool/share/man/jar.md line 239:

> 237: 
> 238: Check with the developer to ensure the jar archive integrity when warnings observed after using
> 239: the `--validate` option.

I don't see a need for this last sentence given the last sentence in the paragraph above.

I would not know who "the developer" is (though the same could be said of "the original source of the jar file"

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24430#discussion_r2098323828
PR Review Comment: https://git.openjdk.org/jdk/pull/24430#discussion_r2098341490
PR Review Comment: https://git.openjdk.org/jdk/pull/24430#discussion_r2098346535

More information about the core-libs-dev mailing list