RFR: 8268613: jar --validate should check inital entries of a JAR file [v4]

[Lance Andersen]

On Wed, 12 Nov 2025 07:20:44 GMT, Christian Stein <cstein at openjdk.org> wrote:

>> Please review this change to include a validation check for expecting an optional JAR manifest entry being the first or second entry in JAR file. As the second entry, it must be only preceeded by an entry for the `META-INF/` directory.
>
> Christian Stein has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add comment to test

Thank you for moving the Manifest position checking as it helps improve the overall validation checking

WRT the new Resource: error.validator.wrong.position,  I believe this is only used by your new check and if so, perhaps consider making the message more specific indicating the Manifest was not found in either entry 1 or 2 (or something like that)

a couple of other responses below but all good

test/jdk/tools/jar/ValidatorTest.java line 315:

> 313:     /**
> 314:      * Validates that the LOC MANIFEST.MF entries are at the expected positions.
> 315:      *

Thank you for adding a comment.  I might suggest adding a little more clarity or point to JarInputStream docs as the  Manifest Location for JarFile is not an issue. 

The issue boils down to the fact that JarInputStream walks the LOC sequentially and because of this there is the limitation on the location of where  the Manifest can live.

Not a big deal overall and I will leave it to you.  It is just no obvious to someone who is working in this area the 1st time as this issue is not directly related to the Zip specification, but is a JarInputStream limitation

-------------

Marked as reviewed by lancea (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28154#pullrequestreview-3453879848
PR Review Comment: https://git.openjdk.org/jdk/pull/28154#discussion_r2518637541