RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing
Hai-May Chao
hchao at openjdk.org
Thu Nov 21 15:56:15 UTC 2024
On Mon, 18 Nov 2024 22:40:40 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
> JDK-8341775: In the case where there is a *single* META-INF directory but potentially *multiple* manifest files of different cases, print a warning before selecting the first one and ignoring the rest (the current behavior should be maintained).
>
> **Note**: We cannot (so far) pass whether the verbose flag is set to the class that does this processing. We may want to add a property to the builder for this. As-is, the message will be printed via `System.err` whether verbose is set or not.
I’d like to suggest creating a test program (for better long term support) that generates a JAR file with multiple manifest entries and then uses JarSigner.Builder() and JarSigner.sign(). The JarSigner.sign() will ultimately invoke getManifestFile(), ensuring that the new warning about multiple manifest entries is emitted.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2491609907
More information about the security-dev
mailing list