[jdk17u-dev] RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v2]

Goetz Lindenmaier goetz at openjdk.org
Sat Oct 4 12:20:57 UTC 2025 

On Fri, 19 Sep 2025 18:43:41 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

>> Hi, this is a backport of openjdk/jdk21u-dev#2235. The backport is almost clean, except for:
>> 
>> * A slightly different context around `Main.java` imports
>> * ~~17u doesn't have `Resources_de.java` (changes were discarded)~~
>>     * $\mbox{\color{red}UPDATE}$ (ea571bc85aae540b395d0175bc4014e899413064): all the internationalized messages have been removed, as they aren't typically included in backports (thanks @jerboaa for letting me know).
>> * The `jarsigner.1` manpage has a slightly different format (manually adjusted to match the 17u format)
>> 
>> #### Related issues ("relates to" Jira issue links)
>> 
>> [JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at 1b9a11682d5f73885213822423bfce8dfc17febd) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
>> 
>> Since `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java` is not failing after the backport, [JDK-8353330](https://bugs.openjdk.org/browse/JDK-8353330 "Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier") was not included.
>> 
>> #### Testing
>> 
>> * Besides the `tier1` run from the [GitHub actions](https://github.com/franferrax/jdk17u-dev/actions/runs/17832135845) (all passed), I ran a regression using the following categories and individual tests:
>>     * `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java`
>>     * `test/jdk/java/security/SignedJar`
>>     * `test/jdk/java/util/jar`
>>     * `test/jdk/jdk/security/jarsigner`
>>     * `test/jdk/sun/security/pkcs/pkcs7`
>>     * `test/jdk/sun/security/tools/jarsigner`
>>         * Includes `VerifyJarEntryName.java`, created for this issue
>>     * `test/jdk/sun/security/tools/keytool`
>> 
>> No regressions were found against the current `master` branch (ec6528e9cf66abe34b9c293359ca11a4b550b7a8).
>
> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove internationalized messages

Hi @franferrax,
Next time, please backport on the base of the push to 21. (This should be done always if the backport to 21 was not clean). The important part of that is to make the title "backport <hash in 21> . You can also use the /backport command in the push to 21, this is especially useful if the backport to 17 from 21 is clean.

This would make the comment of this change very simple:
"Clean backport from 21 except for formatting in the man page jarsigner.1"

-------------

PR Comment: https://git.openjdk.org/jdk17u-dev/pull/3954#issuecomment-3368176030

More information about the jdk-updates-dev mailing list