[jdk8u-dev] RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v2]

Alexey Bakhtin abakhtin at openjdk.org
Tue Oct 7 20:32:28 UTC 2025 

On Fri, 19 Sep 2025 18:51:57 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

>> Hi, this is a backport of openjdk/jdk11u-dev#3098. The backport isn't clean, because of the following:
>> 
>> * File paths that require adjustment for 8u
>> * In `Main.java`, trivial context differences and code that needs adjustment from 11u to 8u:
>>     * `java.nio.file.Path.of()` ⟶ `java.nio.file.Paths.get()`
>>     * `InputStream::transferTo(OutputStream.nullOutputStream())` ⟶ [original code before a review suggestion](https://github.com/openjdk/jdk/pull/23532/commits/ef546f4b778e8a1f43dbedc56a79bb53d169a1e7#diff-7083af3b8473a092987afa0bbb4d1694664649534bac716f6b9cd3c3b9833219L1185-L1186)
>> * In the test (`VerifyJarEntryName.java`), code that needs adjustment from 11u to 8u:
>>     * `@library /test/lib` ⟶ `@library /lib/testlibrary`
>>     * JUnit 5 ⟶ JUnit 4
>>         * `org.junit.jupiter.api.BeforeAll` ⟶ `org.junit.BeforeClass`
>>         * `org.junit.jupiter.api.BeforeEach` ⟶ `org.junit.Before`
>>         * `org.junit.jupiter.api.Test` ⟶ `org.junit.Test`
>>         * `java.nio.file.Path.of()` ⟶ `java.nio.file.Paths.get()`
>>         * `@BeforeClass`, `@Before` and `@Test` methods must be public
>>     * Can't use `var`
>>     * `Arrays.equals(a, start, end, b, 0, b.length)` ⟶ `Arrays.equals(Arrays.copyOfRange(a, start, end), b)` (`Arrays::equals` with offsets not present in 8u)
>> * ~~NOTE: for the Japanese manpages translation approach, please refer to openjdk/jdk11u-dev#3098~~
>>     * ~~I updated `jdk/src/linux/doc/man/ja/jarsigner.1` and `jdk/src/solaris/doc/sun/man/man1/ja/jarsigner.1` (identical), and left `dk/src/bsd/doc/man/ja/jarsigner.1` untouched (doesn't have any content besides the headers)~~
>>     * $\mbox{\color{red}UPDATE}$ (28348b29f892b685d9098c4560128a8bfb206afd): all the internationalized messages have been removed, as they aren't typically included in backports (thanks @jerboaa for letting me know).
>> 
>> #### Related issues ("relates to" Jira issue links)
>> 
>> [JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at 1b9a11682d5f73885213822423bfce8dfc17febd) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
>> 
>> Since `test/hotspot/jtreg/runtime/appcds/SignedJar.java` is ...
>
> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove internationalized messages

LGTM
CI failures look unrelated
All related jarsigner tests passed

-------------

Marked as reviewed by abakhtin (Committer).

PR Review: https://git.openjdk.org/jdk8u-dev/pull/699#pullrequestreview-3311782848

More information about the jdk8u-dev mailing list