[13] RFR 8228431: sun/security/tools/jarsigner/PreserveRawManifestEntryAndDigest.java fails intermittently on solaris

Xuelei Fan xuelei.fan at oracle.com
Wed Jul 31 05:11:23 UTC 2019 

Just a minimal comment.  You can leave it as is.  No more code review 
required for me.

PreserveRawManifestEntryAndDigest.java
--------------------------------------
I'm not very sure of line 63:

   63  * @run main jdk.test.lib.FileInstaller ...
   64  * @run testng/othervm/timeout=1200 ...

It's OK but I don't like the dependency between line 63 and 64.  The 
following code could be used in the test code if you want to avoid line 63.
    System.getProperty("test.src", ".") + "/no-native-provider.conf"

But it may not worthy an update here.

Is it required to remove the copied file in 63?

I'm fine as well if you want to exclude the test for Solaris platforms 
(my preference).  But please file a new bug if you find something 
unusual for Solaris platforms.

Thanks,
Xuelei


On 7/30/2019 9:31 PM, Weijun Wang wrote:
> Ping again.
> 
> This is the only security bug that must be resolved in JDK 13. Please.
> 
> Thanks,
> Max
> 
>> On Jul 26, 2019, at 10:57 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>> Please review the fix at
>>
>>    http://cr.openjdk.java.net/~weijun/8228431/webrev.00/
>>
>> The no-native-provider.conf file put SUN and SunRsaSign as the first 2 security providers and thus shadows the OracleUcrypto and SunPKCS11 providers used by Solaris. Please note that duplicated provider names are silently ignored so this is harmless. On other platforms, the first 2 providers are already SUN and SunRsaSign.
>>
>> I ran the test 200 times on solaris-sparcv9 and it does not fail once. Before this fix, it always fails on this platform.
>>
>> An alternative fix is to simply exclude the test from solaris-sparc using `@requires os.family != "solaris"`. I've fixed some other security/tools test failures using this solution. The reason is that these tests are testing platform-independent behaviors so it's OK to skip one platform. I don't think this test is platform-dependent in any way.
>>
>> Thanks,
>> Max
>>
>

More information about the security-dev mailing list