[jdk8u-dev] RFR: 8269039: Disable SHA-1 Signed JARs [v2]

Alexey Bakhtin abakhtin at openjdk.org
Thu Nov 17 16:06:40 UTC 2022


On Thu, 17 Nov 2022 15:51:46 GMT, Martin Balao <mbalao at openjdk.org> wrote:

>> @martinuy, thank you for the review again.
>> I've updated the existing oldsig.sh and added an OldSig.props file. Now the test validates the signature.
>
> @alexeybakhtin, thanks for addressing this concern.
> 
> What do you think about the following (minor) change to your proposal?
> 
> diff --git a/jdk/test/sun/security/tools/jarsigner/oldsig.sh b/jdk/test/sun/security/tools/jarsigner/oldsig.sh
> index fcc2293d5d..5c8e328367 100644
> --- a/jdk/test/sun/security/tools/jarsigner/oldsig.sh
> +++ b/jdk/test/sun/security/tools/jarsigner/oldsig.sh
> @@ -79,7 +79,8 @@ ${TESTJAVA}${FS}bin${FS}jarsigner \
>      -digestalg SHA1 \
>      B.jar c
>  
> -echo "${TESTJAVA}${FS}bin${FS}jarsigner -verify ${KS_ARGS} ${PROP_ARGS} -verbose B.jar"
> -LINES=`${TESTJAVA}${FS}bin${FS}jarsigner -verify ${KS_ARGS} ${PROP_ARGS} -verbose B.jar | grep smk | grep B.class | wc -l`
> +JAR_VERIFY_CMD="${TESTJAVA}${FS}bin${FS}jarsigner -verify ${KS_ARGS} ${PROP_ARGS} -verbose B.jar"
> +echo ${JAR_VERIFY_CMD}
> +LINES=`${JAR_VERIFY_CMD} | grep smk | grep B.class | wc -l`
>  [ $LINES = 1 ] || exit 1
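
Review bot: In the added `LINES=` line, the command is stored as one string in `JAR_VERIFY_CMD` and then run through an unquoted `${JAR_VERIFY_CMD}` expansion, so the argument list is rebuilt by shell word splitting. A `TESTJAVA` path or a `KS_ARGS`/`PROP_ARGS` value containing a space would be split into separate arguments, and any glob character in them would be expanded. The removed lines expanded the same variables unquoted, so this is not a regression, but it would be worth a comment noting that the variable is only safe while those values are space-free. Separately, the result is taken from the end of the `grep smk | grep B.class | wc -l` pipeline, so the exit status of `jarsigner -verify` itself is never checked and the test passes or fails only on the count of matching lines. If verification of the SHA-1 signed entry is what the test asserts, consider capturing the jarsigner output and its status first, then counting the `smk` lines from the captured output.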

@martinuy, Thank you! Sure, it is better. Test updated.

-------------

PR: https://git.openjdk.org/jdk8u-dev/pull/154

