RFR: 8309841: Jarsigner should print a warning if an entry is removed

Weijun Wang weijun at openjdk.org
Thu Sep 12 13:38:20 UTC 2024


On Fri, 7 Jun 2024 15:11:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> There ~are two~ is one change~s~:
> 
> 1. In `jarsigner -verify`, check whether a .SF file contains nonexistent entries and print them out as
> 
> Warning: nonexistent signed entries detected: [a]
> 
> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
> 
> *Update*: Even when the JAR file is re-signed, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.

Ask again for review.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/19599#issuecomment-2346292277
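
The check described in the quoted PR text, as an added example that is not part of the original message and is not the jarsigner implementation: it lists the `Name:` sections of each `META-INF/*.SF` file and reports those with no matching JAR entry. The sample JAR, the signer name `SIGNER.SF` and the digest values are constructed placeholders, and no signature or digest is verified.

```python
import io
import zipfile

def section_names(text):
    """Return the Name: value of each per-entry section of a manifest or .SF file."""
    # Normalize line endings, then undo manifest line wrapping:
    # a continuation line starts with a single space.
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    text = text.replace("\n ", "")
    names = []
    for section in text.split("\n\n"):
        for line in section.split("\n"):
            if line.startswith("Name: "):
                names.append(line[len("Name: "):])
                break
    return names

def nonexistent_signed_entries(jar_bytes):
    """Map each META-INF/*.SF file to the names it lists that are absent from the JAR."""
    # As the update in the message notes, a listed name may also be a
    # user-defined section, so a finding is a warning, not proof of removal.
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        present = set(jar.namelist())
        for entry in jar.namelist():
            upper = entry.upper()
            if upper.startswith("META-INF/") and upper.endswith(".SF"):
                names = section_names(jar.read(entry).decode("utf-8"))
                missing = [n for n in names if n not in present]
                if missing:
                    findings[entry] = missing
    return findings

def build_sample_jar(files):
    """Build an in-memory JAR (zip) from a {name: content} dict."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed sample: the .SF lists "a" and "b", but "a" is no longer in the JAR.
SAMPLE_SF = ("Signature-Version: 1.0\r\n\r\n"
             "Name: a\r\nSHA-256-Digest: AAAA\r\n\r\n"
             "Name: b\r\nSHA-256-Digest: BBBB\r\n\r\n")
SAMPLE_JAR = build_sample_jar({"META-INF/SIGNER.SF": SAMPLE_SF, "b": "kept"})

if __name__ == "__main__":
    for sf, missing in nonexistent_signed_entries(SAMPLE_JAR).items():
        print(f"Warning: nonexistent signed entries detected: [{', '.join(missing)}]")
```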

