RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing
Kevin Driver
kdriver at openjdk.org
Wed Nov 20 13:52:19 UTC 2024
On Wed, 20 Nov 2024 02:18:15 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
> The original code uses zf.getEntry() first which is direct and may not need to iterate over all entries in the ZIP file, and it does not issue a warning for multiple manifest entries. The new change uses the zf.stream() approach to iterate on the entire ZIP file first, and will it be more costly for large archives? But to be able to issue a warning, your change looks reasonable to me.
Thank you. I agree there is some performance penalty, but (as you say) it is necessary to be able to issue the warning.
> Would you consider adding a test case to test the new warning message?
See the PR description. I'm not sure how practical adding one would be. Do you have any suggestions for the best way to go about it?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2488635386
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2488637165
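
The lookup-versus-scan trade-off discussed in this thread, and one way to build a fixture for the warning, as an added example in Python; it is not code from the PR or from the JDK. Python's zipfile stands in for java.util.zip here, and the function names, the warning text and the case-insensitive name match are assumptions made for illustration.

```python
import io
import warnings
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"


def build_sample_jar(manifest_names):
    """Return bytes of a constructed JAR-like ZIP, one manifest entry per name."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns ("Duplicate name") but still writes the repeated entry.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(manifest_names):
                zf.writestr(name, f"Manifest-Version: 1.0\nX-Copy: {i}\n")
            zf.writestr("Hello.class", b"\xca\xfe\xba\xbe")  # constructed stub
    return buf.getvalue()


def lookup_by_name(jar_bytes):
    """Name lookup: yields at most one entry, so duplicates stay invisible."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        try:
            return [zf.getinfo(MANIFEST).filename]
        except KeyError:
            return []


def scan_all_entries(jar_bytes):
    """Full pass over the central directory: every manifest entry is seen."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        # Case-insensitive match is an assumption of this example.
        return [zi.filename for zi in zf.infolist()
                if zi.filename.upper() == MANIFEST]


def manifest_warning(jar_bytes):
    """Return a warning string (hypothetical wording) if several manifests exist."""
    found = scan_all_entries(jar_bytes)
    if len(found) > 1:
        return f"warning: {len(found)} manifest entries found: {found}"
    return None
```

The scan costs one pass over the central directory, which is the penalty raised above; the name lookup is cheaper but can never report the second entry.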