Some offhand questions
Alan Bateman
alan.bateman at oracle.com
Tue Aug 27 06:36:32 UTC 2024
On 26/08/2024 22:01, Ioi Lam wrote:
> *:*
> *
> *
> *The reason that CDS doesn't archive signed classes is because we
> aren't sure if we skip the whole signature checking process at run
> time, we can still ensure that all APIs related to code signing (eg
> Class.getSigners) can return the expected value.*
>
Just to add add that this was an issue when jlink was introduced in JDK
9 too. There was exploration into persisting the signer information into
the runtime image so that signer information is available at runtime if
needed. In the end, it didn't go too far and jlink now errors if you
attempt to link in a module that is signed, need to use
--ignore-signing-information to drop the signer information at link time.
Probably time to have another go as dropping signed JAR support from the
class path and module path as it's too troublesome and don't do what
people think.
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/leyden-dev/attachments/20240827/fe87591e/attachment.htm>
More information about the leyden-dev
mailing list