<div dir="ltr"><div dir="ltr">On Mon, Sep 12, 2022 at 10:52 AM Ioi Lam <<a href="mailto:ioi.lam@oracle.com">ioi.lam@oracle.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 9/7/2022 9:07 PM, Jiangli Zhou wrote:<br>
> On Thu, Sep 1, 2022 at 12:51 PM Jiangli Zhou <<a href="mailto:jianglizhou@google.com" target="_blank">jianglizhou@google.com</a>> wrote:<br>
>> When utilizing CDS for tools in a cloud environment a few years back,<br>
>> we ran into the path checking issue. One of the main problems that we<br>
>> observed was that the mtime based check was not reliable. Internally,<br>
>> we've explored a few potential solutions. One of suggested ideas was<br>
>> to compute a checksum of the jar file and store the value in the zip<br>
>> central directory. Runtime can then validate the checksum. That can be<br>
>> reliable. It may require specification changes.<br>
> Some additional details about the idea using the zip central directory<br>
> for storing checksum (which was suggested by @martin):<br>
><br>
> The checksum would be computed at JAR creation time and stored in the<br>
> zip central directory. The checksum can be updated when the JAR file<br>
> is updated. At CDS image creation time, the JAR checksum could be<br>
> obtained and stored in the CDS image header. Runtime can then compare<br>
> the checksums to validate compatibility. The advantage is that it<br>
> avoids having to compute the checksum at both CDS creation time and<br>
> runtime. However, it requires JAR tools to be updated to support that.<br>
<br>
Hi Jiangli,<br>
<br>
Is there a field in the central directory for storing the creation time? <br>
I can't find that in the zip specification:<br>
<br>
<a href="https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT" rel="noreferrer" target="_blank">https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT</a></blockquote><div><br></div><div>If I recall correctly, @martin probably suggested using the "<span style="color:rgb(0,0,0);white-space:pre-wrap"><font face="monospace">extra field</font>" in a </span><span style="color:rgb(0,0,0);white-space:pre-wrap">central directory header, during the brainstorming from a few years back. That's a </span><span style="color:rgb(0,0,0);white-space:pre-wrap">variable sized field. Could you please look into that? </span><span style="color:rgb(0,0,0);white-space:pre-wrap">As mentioned earlier, we didn't pursue this direction as the use cases that we found (mostly likely are common use cases in practices) provided JAR<->JSA compatibility at runtime. For cases that do not have such a guarantee (possibly less common), </span><span style="color:rgb(0,0,0);white-space:pre-wrap">runtime checks probably are still useful</span><span style="color:rgb(0,0,0);white-space:pre-wrap">. </span></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap"><br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
By the way, I tested all version of JDK down to JDK 6, and all of them <br>
would create a META-INF/ entry at the very beginning of the JAR file <br>
that has the creation time of the JAR file.<br>
<br>
So I think we can effectively use the first 128 bytes of the JAR file to <br>
determine the creation time.<br></blockquote><div><br></div><div>A zip file may have <span style="color:rgb(32,33,34);font-family:sans-serif;font-size:14px">program code appended. Please see </span><a href="https://en.wikipedia.org/wiki/ZIP_(file_format)#:~:text=The%20ZIP%20format%20uses%20specific,byte%20central%20file%20header%20signature">ZIP (file format)</a> for a brief mention. However, I guess it could always seek to the beginning of the JAR content then check.</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
There's a catch. If the JAR file was not created using the official JAR <br>
file (e.g., using zip.exe), we may not have the META-INF entry.Or the <br>
META_INF entry may not have the actual creation time. E.g.,<br></blockquote><div><br></div><div>Yes. That could be fragile.</div><div><br></div><div>Thanks,</div><div>Jiangli</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
zip foo.jar META-INF/MANIFEST.MF HelloWorld.class<br>
<br>
<br>
/jdk/official$ date<br>
Mon Sep 12 10:42:20 AM PDT 2022<br>
/jdk/official$ for i in $(find . -name jar | sort); do echo $i; rm -f <br>
foo.zip; $i cf foo.jar HelloWorld.class; unzip -lv foo.jar; head -c 128 <br>
foo.jar | hexdump -C; done<br>
./jdk10/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 3a1538ab <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk11/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 dd089e3c <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk12/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 2f5f73c4 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk13/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 c842d553 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk14/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 1081ae75 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk15/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 f79c08e2 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk16/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 05cbe51a <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk17/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 e2d6438d <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk1.8.0_261/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
69 Defl:N 68 1% 2022-09-12 10:42 41397d72 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
654 462 29% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk18/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
62 Defl:N 62 0% 2022-09-12 10:42 6f3c1517 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
647 456 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk6u_211/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
72 Defl:N 72 0% 2022-09-12 10:42 27324655 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
657 466 29% 3 files<br>
00000000 50 4b 03 04 14 00 08 00 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 00 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk7u_321/fastdebug/bin/jar<br>
Error occurred during initialization of VM<br>
java/lang/ClassNotFoundException: error in opening JAR file <Zip file <br>
open error><br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
72 Defl:N 72 0% 2022-09-12 10:42 27324655 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
657 466 29% 3 files<br>
00000000 50 4b 03 04 14 00 08 00 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 00 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk8_b132/linux_amd64/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
65 Defl:N 64 2% 2022-09-12 10:42 19255984 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
650 458 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk8_b132/linux_i586/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
65 Defl:N 64 2% 2022-09-12 10:42 19255984 <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
650 458 30% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
./jdk9/bin/jar<br>
Archive: foo.jar<br>
Length Method Size Cmpr Date Time CRC-32 Name<br>
-------- ------ ------- ---- ---------- ----- -------- ----<br>
0 Defl:N 2 0% 2022-09-12 10:42 00000000 META-INF/<br>
61 Defl:N 62 -2% 2022-09-12 10:42 3912bcee <br>
META-INF/MANIFEST.MF<br>
585 Defl:N 392 33% 2022-09-12 10:39 4af91087 HelloWorld.class<br>
-------- ------- --- -------<br>
646 456 29% 3 files<br>
00000000 50 4b 03 04 14 00 08 08 08 00 48 55 2c 55 00 00 <br>
|PK........HU,U..|<br>
00000010 00 00 00 00 00 00 00 00 00 00 09 00 04 00 4d 45 <br>
|..............ME|<br>
00000020 54 41 2d 49 4e 46 2f fe ca 00 00 03 00 50 4b 07 <br>
|TA-INF/......PK.|<br>
00000030 08 00 00 00 00 02 00 00 00 00 00 00 00 50 4b 03 <br>
|.............PK.|<br>
00000040 04 14 00 08 08 08 00 48 55 2c 55 00 00 00 00 00 <br>
|.......HU,U.....|<br>
00000050 00 00 00 00 00 00 00 14 00 00 00 4d 45 54 41 2d <br>
|...........META-|<br>
00000060 49 4e 46 2f 4d 41 4e 49 46 45 53 54 2e 4d 46 f3 <br>
|INF/MANIFEST.MF.|<br>
00000070 4d cc cb 4c 4b 2d 2e d1 0d 4b 2d 2a ce cc cf b3 <br>
|M..LK-...K-*....|<br>
00000080<br>
<br>
<br>
Thanks<br>
- Ioi<br>
<br>
>> Another approach is to provide a runtime flag (e.g.<br>
>> -XX:+|-ValidateSharedClassPaths), which can be used to disable the<br>
>> problematic jar path checking in use cases where it is safe to do so.<br>
>> This is the approach that we have been using for tools that use CDS.<br>
>> The tools' JAR files and CDS images are built and released together.<br>
>> As the release progresses guarantee the compatibility between the JAR<br>
>> file and the CDS archive in these kinds of usages, we can safely<br>
>> disable the corresponding path checking. It also minimizes the related<br>
>> overhead. I'd like to contribute the related patch in the short term.<br>
> Created <a href="https://bugs.openjdk.org/browse/JDK-8293526" rel="noreferrer" target="_blank">https://bugs.openjdk.org/browse/JDK-8293526</a> (apologizing for<br>
> duplicating with <a href="https://bugs.openjdk.org/browse/JDK-8284692" rel="noreferrer" target="_blank">https://bugs.openjdk.org/browse/JDK-8284692</a>).<br>
><br>
> Thanks,<br>
> Jiangli<br>
><br>
>> Thanks,<br>
>> Jiangli<br>
>><br>
>> On Wed, Aug 31, 2022 at 9:47 PM Ioi Lam <<a href="mailto:ioi.lam@oracle.com" target="_blank">ioi.lam@oracle.com</a>> wrote:<br>
>>> Proposal Summary:<br>
>>><br>
>>> Use a digest of a JAR file to detect if the file has changed<br>
>>><br>
>>><br>
>>> Background<br>
>>> ==========<br>
>>><br>
>>> CDS is in effect a caching mechanism -- it needs to make sure that the<br>
>>> InstanceKlasses stored in the archive are the same as those parsed from<br>
>>> classfiles.<br>
>>><br>
>>> To do this, we archive only the classes from (a) the JDK's modules image<br>
>>> file and (b) JAR files. We don't archive classes in directories since<br>
>>> it's difficult to check if the contents of a directory have changed.<br>
>>><br>
>>> At runtime, we assume that (a) didn't change, since we require the exact<br>
>>> same JDK build to be used.<br>
>>><br>
>>> For (b) we currently do this:<br>
>>><br>
>>> (1) Check that -classpath and -Xbootclasspath (absolute paths) are<br>
>>> identical between run time and dump time.<br>
>>> (2) For each JAR file in cp and bcp, check if its size and modification<br>
>>> time has changed.<br>
>>> (3) (Something similar happens with the module path ....)<br>
>>><br>
>>> We have used this scheme for almost a decade. Note that we avoid reading<br>
>>> the JAR files as that may slow down start-up time on old spinning disks.<br>
>>> However, as most work-loads run on SSDs now, I believe this is no longer<br>
>>> a concern.<br>
>>><br>
>>> Recently, we are seeing problems when people deploy CDS inside containers:<br>
>>><br>
>>> For (1) the file system structure may different between run time and<br>
>>> dump time. We can kludge around this problem by using relative paths<br>
>>> instead of absolute paths, but this will make the existing code even<br>
>>> more complicated.<br>
>>><br>
>>> For (2) when deploying the app, it may not be easy to keep the<br>
>>> modification time unchanged (see JDK-8284692).<br>
>>><br>
>>><br>
>>> Proposal<br>
>>> ========<br>
>>><br>
>>> For (1) - don't not compare directory name anymore. Only check that the<br>
>>> filename is the same:<br>
>>><br>
>>> E.g.<br>
>>><br>
>>> Dump:<br>
>>> java -Xshare:dump -cp dir1/Foo.jar:dir2/Bar.jar ..<br>
>>><br>
>>> Run:<br>
>>> java -cp dir1/Foo.jar:dir2/Bar.jar ... [OK]<br>
>>> java -cp Foo.jar:Bar.jar ... [OK]<br>
>>> java -cp Foo.jar:Bxx.jar ... [Fail - changed from Bar.jar to Bxx.jar]<br>
>>><br>
>>> For (2)<br>
>>><br>
>>> - Check that file size has not changed.<br>
>>> - Compute a digest of the file. Check that this has not changed.<br>
>>><br>
>>><br>
>>> Digest<br>
>>> ======<br>
>>><br>
>>> The purpose is not for security or (malicious) tamper detection. It's<br>
>>> for guarding against innocent mistakes (forgot to regenerate CDS archive<br>
>>> after JAR files have been updated). Therefore, we don't need to run an<br>
>>> expensive digest like MD5.<br>
>>><br>
>>> Instead, it should be enough to just do a quick XOR digest of the first<br>
>>> 128 bytes of the JAR file. Since this part usually contains the<br>
>>> META-INF/ directory and its modification time. So it effectively<br>
>>> contains the time when this JAR file was created. The timestamp seems to<br>
>>> have a 2 second resolution:<br>
>>><br>
>>> $ while true; do jar cfm foo.jar MANIFEST.MF HelloWorld.class ; head -c<br>
>>> 128 foo.jar | cksum; sleep 2; done<br>
>>> <a href="tel:(380)%20350-7028" value="+13803507028" target="_blank">3803507028</a> 128<br>
>>> 1857545662 128<br>
>>> 916098721 128<br>
>>> 3740087168 128<br>
>>> 2260752543 128<br>
>>> <a href="tel:(325)%20754-6723" value="+13257546723" target="_blank">3257546723</a> 128<br>
>>> 2584173820 128<br>
>>> ...<br>
>>><br>
>>><br>
>>> Advantage:<br>
>>><br>
>>> - Make it easier to deploy CDS archive (fewer false negatives)<br>
>>> - Simplify logic in the CDS code<br>
>>><br>
>>> Risks:<br>
>>><br>
>>> - Opening every JAR file may cause a slow down if you have lots of JARs<br>
>>> in the classpath running on a slow file system.<br>
>>><br>
<br>
</blockquote></div></div>