RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing
Hai-May Chao
hchao at openjdk.org
Wed Nov 20 02:22:19 UTC 2024
On Mon, 18 Nov 2024 22:40:40 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
> JDK-8341775: In the case where there is a *single* META-INF directory but potentially *multiple* manifest files of different cases, print a warning before selecting the first one and ignoring the rest (the current behavior should be maintained).
>
> **Note**: We cannot (so far) pass whether the verbose flag is set to the class that does this processing. We may want to add a property to the builder for this. As-is, the message will be printed via `System.err` whether verbose is set or not.
The original code uses zf.getEntry() first which is direct and may not need to iterate over all entries in the ZIP file, and it does not issue a warning for multiple manifest entries. The new change uses the zf.stream() approach to iterate on the entire ZIP file first, and will it be more costly for a large archives? But to be able to issue a warning, your change looks reasonable to me.
Would you consider adding a test case to test the new warning message?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2487184049
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2487186567
More information about the security-dev
mailing list