Code Review request for new "jsign" tool
Sean Mullan
sean.mullan at oracle.com
Tue May 10 10:10:51 PDT 2011
I have moved the signing code out of the "jpkg" tool and into a new "jsign" tool
so that existing module-files can be signed. See [1] for rationale.
Here is the new command line syntax:
usage: jsign [-v] [--keystore <keystore-location>] [--storetype <keystore-type>]
[--protected] [--tsa <url>] [--signedmodulefile <signed-module-file>]
<module-file> <signer-alias>
Option Description
------ -----------
-?, -h, --help Show this help message
-f, --signedmodulefile <File: path> File name of signed module file
-k, --keystore <location> URL or file name of module signer's
keystore location
-p, --protected Do not prompt for a keystore password
-s, --storetype <type> Module signer's keystore type
-t, --tsa <URI: location> URL of Time Stamping Authority
-v, --verbose Enable verbose output
webrev: http://cr.openjdk.java.net/~mullan/jigsaw/webrevs/jsign/webrev.00/
I encountered one issue with the module-file format [2] which should be
addressed. Ideally, when a signature is generated over an existing module file,
none of the contents of that module file should be modified. However, there is
one field (the sections field in the module file header) that breaks that rule,
because the signature itself is a section, and therefore the number of sections
needs to be incremented by one. It may be possible to do that, but it would
result in the code being much more complex. Thus, I would like to propose that
this field be changed to be the number of sections following the module-info
section (or the signature section if included), i.e. the number of sections in
the "rest" of the module. This would not affect the Reader implementation, as it
only uses this field to determine how many sections it needs to read in the rest
of the module.
--Sean
[1] http://mail.openjdk.java.net/pipermail/jigsaw-dev/2011-April/001278.html
[2] http://cr.openjdk.java.net/~mr/jigsaw/notes/module-file-format/
More information about the jigsaw-dev
mailing list