[jdk21u-dev] RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC

Severin Gehwolf sgehwolf at openjdk.org
Fri Sep 19 14:30:05 UTC 2025 

On Thu, 18 Sep 2025 21:27:28 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

> Hi, this is a backport of openjdk/jdk at bbd5b174c50346152a624317b6bd76ec48f7e551. The backport is not clean because of the following reasons.
> 
> ##### Internationalization files
> 
> 21u doesn't have [JDK-8345940: Migrate security-related resources from Java classes to properties files](https://bugs.openjdk.org/browse/JDK-8345940) (openjdk/jdk at 9a49418138b93bc8ed8879be5c9b9b9c85ef47e1), so changes from `resources/jarsigner.properties`, were applied to `Resources.java`.
> 
> Also, internationalized messages were added later, so they have been recovered from [JDK-8359761: JDK 25 RDP1 L10n resource files update](https://bugs.openjdk.org/browse/JDK-8359761) (openjdk/jdk at da7080fffb2389465dc9afca6d02e9085fe15302):
> 
> * New messages in `resources/jarsigner_de.properties` were applied to `Resources_de.java`
> * New messages in `resources/jarsigner_ja.properties` were applied to `Resources_ja.java`
> * New messages in `resources/jarsigner_zh_CN.properties` were applied to `Resources_zh_CN.java`
> 
> To convert these messages, I created the [PropertiesToResources.java](https://github.com/user-attachments/files/22413901/PropertiesToResources.java) small program.
> 
> ##### Man pages
> 
> 21u doesn't have [JDK-8344056: Use markdown format for man pages](https://bugs.openjdk.org/browse/JDK-8344056) (openjdk/jdk at 475feb064bb6b9dfd34fc52762e3e0ab825254ec), so changes from `jarsigner.md`, were applied to `jarsigner.1`.
> 
> #### Related issues ("relates to" Jira issue links)
> 
> [JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at 1b9a11682d5f73885213822423bfce8dfc17febd) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
> 
> Since `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java` is not failing after the backport, [JDK-8353330](https://bugs.openjdk.org/browse/JDK-8353330 "Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier") was not included.
> 
> #### Testing
> 
> * Besides the `tier1` run from the [GitHub actions](https://github.com/franferrax/jdk21u-dev/actions/runs/17832391518) (all passed), I ran a regression using the following categories and individual tests:
>     * `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java`
>     *...

Please remove changes to `Resources_de.java`, `Resources_ja.java` and `Resources_zh_CN.java` since those are part of a different bug and usually get updated in bulk. Looks good otherwise.

-------------

Changes requested by sgehwolf (Reviewer).

PR Review: https://git.openjdk.org/jdk21u-dev/pull/2235#pullrequestreview-3245163053

More information about the jdk-updates-dev mailing list