[11u] RFR: 8218021: Have jarsigner preserve posix permission attributes

Hohensee, Paul hohensee at amazon.com
Fri Nov 13 16:33:29 UTC 2020


Seems reasonable. Reviewed.

Thanks,
Paul

On 11/12/20, 12:45 PM, "Paul Hohensee" <hohensee at amazon.com> wrote:

    On 11/12/20, 8:10 AM, "Langer, Christoph" <christoph.langer at sap.com> wrote:

        Hi Paul,

        thanks for looking at this.

        I didn't want to backport JDK-8242060 because it is another enhancement for jarsigner with a CSR attached. Oracle did not backport it to 11u. So I didn't want to go all the way with nobody asking for it. It would be additional work and if worst comes to worse, additional trouble ��
        As for JDK-8180573: This is a larger test refactoring where I didn't see the benefit of going through all the work to make it fit. It didn't apply cleanly and had several conflicts to begin with. And also no indication of it being ported to Oracle's 11u.

        Best regards
        Christoph

        > -----Original Message-----
        > From: Hohensee, Paul <hohensee at amazon.com>
        > Sent: Donnerstag, 12. November 2020 16:38
        > To: Langer, Christoph <christoph.langer at sap.com>; jdk-updates-
        > dev at openjdk.java.net
        > Subject: RE: [11u] RFR: 8218021: Have jarsigner preserve posix permission
        > attributes
        >
        > Is there a reason not to first backport JDK-8242060 and JDK-8180573?
        >
        > Thanks,
        > Paul
        >
        > On 11/12/20, 12:03 AM, "jdk-updates-dev on behalf of Langer, Christoph"
        > <jdk-updates-dev-retn at openjdk.java.net on behalf of
        > christoph.langer at sap.com> wrote:
        >
        >     Hi,
        >
        >     please review the 11u backport of JDK-8218021: Have jarsigner preserve
        > posix permission attributes.
        >
        >     To backport it, I first had to resolve some conflicts:
        >     - Changes for jdk/internal/access/JavaUtilZipFileAccess.java went to
        > jdk/internal/misc/JavaUtilZipFileAccess.java.
        >     - Change to module-info.java had to be adapted because of different
        > package of JavaUtilZipFileAccess
        >     - Change to
        > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java had to
        > be adapted because CRLCHECK is not present in 11u (was introduced with
        > JDK-8242060 [0] in JDK 15 and not backported)
        >     - Omitted changes to
        > src/java.base/share/classes/sun/security/provider/certpath/OCSP.java and
        > test/jdk/sun/security/util/Resources/Usages.java for the same reason
        > (missing JDK-8242060 [0])
        >
        >     Then I included the part from JDK-8242060 [0] that adds the class
        > src/java.base/share/classes/sun/security/util/Event.java which is a
        > prerequisite of the functionality to emit warnings when POSIX permissions
        > are present. I obviously also resolved the changes to Event.java coming with
        > JDK-8218021.
        >
        >     Eventually, to make the test work, I first included the functionality of
        > jdk.test.lib.SecurityTools.jar() from from JDK-8180573 [1]. Then, since zipfs of
        > JDK11 does not support POSIX permissions, we need to generate the zip file
        > against which we test using a higher JDK with zipfs POSIX support. For that, I
        > borrowed and adapted some coding of the test that came with JDK-8250968
        > [2] which solves a similar problem of incorporating a zip file generated with
        > external tools. I generated the zip file with JDK15 and imported it as a byte
        > array declaration into the test body.
        >
        >     The bug has a CSR attached but it was already approved for 11-pool, so no
        > additional work here.
        >
        >     Bug: https://bugs.openjdk.java.net/browse/JDK-8218021
        >     Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8218021.11u/
        >     Original Change: https://hg.openjdk.java.net/jdk/jdk/rev/d886e752a7b0
        >     CSR: https://bugs.openjdk.java.net/browse/JDK-8247499
        >
        >     Thanks
        >     Christoph
        >
        >     [0] https://bugs.openjdk.java.net/browse/JDK-8242060 Add revocation
        > checking to jarsigner
        >     [1] https://bugs.openjdk.java.net/browse/JDK-8180573 Refactor
        > sun/security/tools shell tests to plain java tests
        >     [2] https://bugs.openjdk.java.net/browse/JDK-8250968 Symlinks
        > attributes not preserved when using jarsigner on zip files
        >




More information about the jdk-updates-dev mailing list