RFR: 8337496: Improve jarsigner utility handling of missing content [v8]
Weijun Wang
weijun at openjdk.org
Wed Oct 2 16:05:57 UTC 2024
> There ~are two~ is one change~s~:
>
> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and print them out as
>
> Warning: nonexistent signed entries detected: [a]
>
> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
>
> *Update*: Even when the JAR file is re-signed, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
modify bug id
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/19599/files
- new: https://git.openjdk.org/jdk/pull/19599/files/7ad36e10..85c57dcf
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=19599&range=07
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=19599&range=06-07
Stats: 2 lines in 2 files changed: 0 ins; 1 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/19599.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/19599/head:pull/19599
PR: https://git.openjdk.org/jdk/pull/19599
More information about the security-dev
mailing list