[11u] RFR: 8218021: Have jarsigner preserve posix permission attributes

[Hohensee, Paul]

Is there a reason not to first backport JDK-8242060 and JDK-8180573?

Thanks,
Paul

On 11/12/20, 12:03 AM, "jdk-updates-dev on behalf of Langer, Christoph" <jdk-updates-dev-retn at openjdk.java.net on behalf of christoph.langer at sap.com> wrote:

    Hi,

    please review the 11u backport of JDK-8218021: Have jarsigner preserve posix permission attributes.

    To backport it, I first had to resolve some conflicts:
    - Changes for jdk/internal/access/JavaUtilZipFileAccess.java went to jdk/internal/misc/JavaUtilZipFileAccess.java.
    - Change to module-info.java had to be adapted because of different package of JavaUtilZipFileAccess
    - Change to src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java had to be adapted because CRLCHECK is not present in 11u (was introduced with JDK-8242060 [0] in JDK 15 and not backported)
    - Omitted changes to src/java.base/share/classes/sun/security/provider/certpath/OCSP.java and test/jdk/sun/security/util/Resources/Usages.java for the same reason (missing JDK-8242060 [0])

    Then I included the part from JDK-8242060 [0] that adds the class src/java.base/share/classes/sun/security/util/Event.java which is a prerequisite of the functionality to emit warnings when POSIX permissions are present. I obviously also resolved the changes to Event.java coming with JDK-8218021.

    Eventually, to make the test work, I first included the functionality of jdk.test.lib.SecurityTools.jar() from from JDK-8180573 [1]. Then, since zipfs of JDK11 does not support POSIX permissions, we need to generate the zip file against which we test using a higher JDK with zipfs POSIX support. For that, I borrowed and adapted some coding of the test that came with JDK-8250968 [2] which solves a similar problem of incorporating a zip file generated with external tools. I generated the zip file with JDK15 and imported it as a byte array declaration into the test body.

    The bug has a CSR attached but it was already approved for 11-pool, so no additional work here.

    Bug: https://bugs.openjdk.java.net/browse/JDK-8218021
    Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8218021.11u/
    Original Change: https://hg.openjdk.java.net/jdk/jdk/rev/d886e752a7b0
    CSR: https://bugs.openjdk.java.net/browse/JDK-8247499

    Thanks
    Christoph

    [0] https://bugs.openjdk.java.net/browse/JDK-8242060 Add revocation checking to jarsigner
    [1] https://bugs.openjdk.java.net/browse/JDK-8180573 Refactor sun/security/tools shell tests to plain java tests
    [2] https://bugs.openjdk.java.net/browse/JDK-8250968 Symlinks attributes not preserved when using jarsigner on zip files