RFR: 8309841: Jarsigner should print a warning if an entry is removed

Kevin Driver kdriver at openjdk.org
Thu Sep 12 15:01:04 UTC 2024


On Fri, 7 Jun 2024 15:11:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> There ~are two~ is one change~s~:
> 
> 1. In `jarsigner -verify`, check whether a .SF file contains nonexistent entries and print them out as
> 
> Warning: nonexistent signed entries detected: [a]
> 
> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
> 
> *Update*: Even when the JAR file is resigned, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.

test/lib/jdk/test/lib/util/JarUtils.java line 344:

> 342:                             if (name.startsWith(pattern.substring(
> 343:                                     0, pattern.length() - 1))) {
> 344:                                 continue top;

Some comments might be good in this section of the code, explaining the conditions where we want to iterate through to the next pattern vs using the labeled continue to jump out of the for loop.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1757048253
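
As an added illustration (not code from the JDK or from this pull request), the Python script below does the same kind of comparison the new warning relies on: it lists names that appear in a .SF file but have no matching entry in the archive. The function names and the sample JAR are constructed for this example, and the script does not verify signatures or digests.

```python
import io
import zipfile


def sf_entry_names(sf_text):
    """Return the Name: value of every per-entry section in a .SF file."""
    # Manifest-style files wrap long lines; a continuation starts with one space.
    unfolded = []
    for line in sf_text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    return [l[len("Name: "):] for l in unfolded if l.startswith("Name: ")]


def nonexistent_signed_entries(jar_bytes):
    """Map each META-INF/*.SF file to the names it lists that are not in the archive."""
    # Caveat from the thread: a listed name with no archive entry may be a
    # user-defined section rather than a removed file; the two cannot be told apart.
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        present = set(jar.namelist())
        for member in jar.namelist():
            parent, _, base = member.rpartition("/")
            if parent.upper() == "META-INF" and base.upper().endswith(".SF"):
                names = sf_entry_names(jar.read(member).decode("utf-8"))
                missing = sorted(n for n in names if n not in present)
                if missing:
                    findings[member] = missing
    return findings


def build_sample_jar():
    """Constructed sample: the .SF lists 'a' and 'b', but only 'b' is in the archive."""
    sf = ("Signature-Version: 1.0\r\n\r\n"
          "Name: a\r\nSHA-256-Digest: AAAA\r\n\r\n"   # placeholder digest, not checked
          "Name: b\r\nSHA-256-Digest: BBBB\r\n\r\n")  # placeholder digest, not checked
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        jar.writestr("META-INF/SIGNER.SF", sf)
        jar.writestr("b", "contents of b")
    return buf.getvalue()


if __name__ == "__main__":
    for sf_name, missing in nonexistent_signed_entries(build_sample_jar()).items():
        print(f"{sf_name}: nonexistent signed entries detected: {missing}")
```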

