RFR: 8309841: Jarsigner should print a warning if an entry is removed
Weijun Wang
weijun at openjdk.org
Thu Sep 12 13:38:20 UTC 2024
There ~are two~ is one change~s~:
1. In `jarsigner -verify`, check a .SF file contains un-existing entries and print them out as
Warning: nonexistent signed entries detected: [a]
~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
*Update*: Even when the JAR file is resigned, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.
-------------
Commit messages:
- merge
- rename
- revert the re-sign change, add one more warning
- some wording
- the code change
Changes: https://git.openjdk.org/jdk/pull/19599/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19599&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8309841
Stats: 123 lines in 4 files changed: 122 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/19599.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/19599/head:pull/19599
PR: https://git.openjdk.org/jdk/pull/19599
More information about the security-dev
mailing list