[11u] RFR: 8218021: Have jarsigner preserve posix permission attributes
Langer, Christoph
christoph.langer at sap.com
Fri Nov 13 16:43:29 UTC 2020
Thanks, Paul.
> -----Original Message-----
> From: Hohensee, Paul <hohensee at amazon.com>
> Sent: Freitag, 13. November 2020 17:33
> To: Langer, Christoph <christoph.langer at sap.com>; jdk-updates-dev at openjdk.java.net
> Subject: Re: [11u] RFR: 8218021: Have jarsigner preserve posix permission attributes
>
> Seems reasonable. Reviewed.
>
> Thanks,
> Paul
>
> On 11/12/20, 12:45 PM, "Paul Hohensee" <hohensee at amazon.com> wrote:
>
> On 11/12/20, 8:10 AM, "Langer, Christoph" <christoph.langer at sap.com>
> wrote:
>
> Hi Paul,
>
> thanks for looking at this.
>
> I didn't want to backport JDK-8242060 because it is another enhancement
> for jarsigner with a CSR attached. Oracle did not backport it to 11u. So I didn't
> want to go all the way with nobody asking for it. It would be additional work
> and if worst comes to worse, additional trouble.
> As for JDK-8180573: This is a larger test refactoring where I didn't see the
> benefit of going through all the work to make it fit. It didn't apply cleanly and
> had several conflicts to begin with. And also no indication of it being ported
> to Oracle's 11u.
>
> Best regards
> Christoph
>
> > -----Original Message-----
> > From: Hohensee, Paul <hohensee at amazon.com>
> > Sent: Donnerstag, 12. November 2020 16:38
> > To: Langer, Christoph <christoph.langer at sap.com>; jdk-updates-dev at openjdk.java.net
> > Subject: RE: [11u] RFR: 8218021: Have jarsigner preserve posix permission attributes
> >
> > Is there a reason not to first backport JDK-8242060 and JDK-8180573?
> >
> > Thanks,
> > Paul
> >
> > On 11/12/20, 12:03 AM, "jdk-updates-dev on behalf of Langer, Christoph"
> > <jdk-updates-dev-retn at openjdk.java.net on behalf of
> > christoph.langer at sap.com> wrote:
> >
> > Hi,
> >
> > please review the 11u backport of JDK-8218021: Have jarsigner preserve
> > posix permission attributes.
> >
> > To backport it, I first had to resolve some conflicts:
> > - Changes for jdk/internal/access/JavaUtilZipFileAccess.java went to
> > jdk/internal/misc/JavaUtilZipFileAccess.java.
> > - Change to module-info.java had to be adapted because of different
> > package of JavaUtilZipFileAccess
> > - Change to
> > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
> > had to be adapted because CRLCHECK is not present in 11u (was introduced
> > with JDK-8242060 [0] in JDK 15 and not backported)
> > - Omitted changes to
> > src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
> > and test/jdk/sun/security/util/Resources/Usages.java for the same reason
> > (missing JDK-8242060 [0])
> >
> > Then I included the part from JDK-8242060 [0] that adds the class
> > src/java.base/share/classes/sun/security/util/Event.java which is a
> > prerequisite of the functionality to emit warnings when POSIX permissions
> > are present. I obviously also resolved the changes to Event.java coming
> > with JDK-8218021.
> >
> > Eventually, to make the test work, I first included the functionality of
> > jdk.test.lib.SecurityTools.jar() from JDK-8180573 [1]. Then, since zipfs of
> > JDK11 does not support POSIX permissions, we need to generate the zip file
> > against which we test using a higher JDK with zipfs POSIX support. For that, I
> > borrowed and adapted some coding of the test that came with JDK-8250968
> > [2] which solves a similar problem of incorporating a zip file generated with
> > external tools. I generated the zip file with JDK15 and imported it as a byte
> > array declaration into the test body.
> >
> > The bug has a CSR attached but it was already approved for 11-pool, so no
> > additional work here.
> >
> > Bug: https://bugs.openjdk.java.net/browse/JDK-8218021
> > Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8218021.11u/
> > Original Change: https://hg.openjdk.java.net/jdk/jdk/rev/d886e752a7b0
> > CSR: https://bugs.openjdk.java.net/browse/JDK-8247499
> >
> > Thanks
> > Christoph
> >
> > [0] https://bugs.openjdk.java.net/browse/JDK-8242060 Add revocation
> > checking to jarsigner
> > [1] https://bugs.openjdk.java.net/browse/JDK-8180573 Refactor
> > sun/security/tools shell tests to plain java tests
> > [2] https://bugs.openjdk.java.net/browse/JDK-8250968 Symlinks
> > attributes not preserved when using jarsigner on zip files
> >
>