RFR: 8218021: Have jarsigner preserve posix permission attributes
Seán Coffey
sean.coffey at oracle.com
Tue Jun 30 13:51:57 UTC 2020
Thanks Lance.
During the CSR review, a suggestion was made to have jarsigner preserve
such attributes by default. Warnings about these attributes will also be
added during signing and verify operations (if detected).
webrev: https://cr.openjdk.java.net/~coffeys/webrev.8218021.v4/webrev/
regards,
Sean.
On 22/06/2020 17:17, Lance Andersen wrote:
> HI Sean,
>
> Looks OK based on our exchanges. Thank you for your time on this one!
>
> Best
> Lance
>
>> On Jun 22, 2020, at 7:22 AM, Seán Coffey <sean.coffey at oracle.com
>> <mailto:sean.coffey at oracle.com>> wrote:
>>
>> Thanks Lance.
>>
>> I've updated the patch with some extra offline feedback from yourself
>> and Max.
>> A new warning is printed with use of the new flag. A warning is also
>> printed when file posix permissions are detected on resources being
>> signed. Test updated for that also.
>>
>> https://cr.openjdk.java.net/~coffeys/webrev.8218021.v3/webrev/
>>
>> regards,
>> Sean.
>>
>> On 12/06/2020 17:05, Lance Andersen wrote:
>>> Hi Sean,
>>>
>>> I think your changes look fine so all good FMPOV.
>>>
>>> Best
>>> Lance
>>>
>>>> On Jun 12, 2020, at 6:21 AM, Seán Coffey <sean.coffey at oracle.com
>>>> <mailto:sean.coffey at oracle.com>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I'd like to reboot this jarsigner enhancement request[1]. I've
>>>> removed the problem references to zip file name extensions.
>>>> Instead, there's a new JDK implementation specific jarsigner
>>>> option: -keepposixperms
>>>>
>>>> https://bugs.openjdk.java.net/browse/JDK-8218021
>>>> https://cr.openjdk.java.net/~coffeys/webrev.8218021.v2/webrev/
>>>>
>>>> regards,
>>>> Sean.
>>>>
>>>> [1]
>>>> http://mail.openjdk.java.net/pipermail/security-dev/2020-January/021141.html
>>>>
>>>
>>> <oracle_sig_logo.gif>
>>> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
>>> <http://oracle.com/us/design/oracle-email-sig-198324.gif><http://oracle.com/us/design/oracle-email-sig-198324.gif>
>>> <http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance
>>> Andersen| Principal Member of Technical Staff | +1.781.442.2037
>>> Oracle Java Engineering
>>> 1 Network Drive
>>> Burlington, MA 01803
>>> Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>
>>>
>>>
>>>
>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif><http://oracle.com/us/design/oracle-email-sig-198324.gif>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance
> Andersen| Principal Member of Technical Staff | +1.781.442.2037
> Oracle Java Engineering
> 1 Network Drive
> Burlington, MA 01803
> Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200630/3d706202/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oracle_sig_logo.gif
Type: image/gif
Size: 658 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200630/3d706202/oracle_sig_logo.gif>
More information about the security-dev
mailing list