jpkg enhancements to create signed modules
Mark Reinhold
mr at sun.com
Tue May 11 12:18:30 PDT 2010
> Date: Mon, 10 May 2010 14:40:03 -0400
> From: sean.mullan at oracle.com
> Vinnie discovered a small issue with the signed module file format [1] while
> implementing.
>
> The module header in the module file format [2] includes a field named csize
> which holds the size of the module file. The value of this field is not known
> until the contents of the module file have been written. The csize also includes
> the size of the signature section, but the signature cannot be written until
> all of the hashes have been generated. Two of those hashes (the module header
> hash and the whole file hash) are over content containing the csize field. Thus
> there is a circular dependency issue.
>
> The current implementation works around this by first writing a dummy signature
> and then later replacing it with the real signature once the overall size of
> the signature is known.
Won't it still be necessary to write a dummy signature even if the csize
field is omitted?
> However, this is not an optimal solution.
>
> The simplest fix would be to not include csize in the hashes. Another
> possibility is to not sign the module header, as most of the information
> contained in the header is part of initializing the processing of the file
> itself, and any modifications would likely lead to an error before the
> signature is validated anyway.
Yet another solution is simply to remove the csize field from module-file
headers.
It's read by the module-repository code when publishing a module, but the
compressed size of a module can just as easily be determined by asking
the filesystem.
Unless someone sees a need for this field, let's remove it.
- Mark