RFR: 8309841: Jarsigner should print a warning if an entry is removed
Kevin Driver
kdriver at openjdk.org
Thu Sep 12 15:05:07 UTC 2024
On Fri, 7 Jun 2024 15:11:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> There ~are two~ is one change~s~:
>
> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and print them out as
>
> Warning: nonexistent signed entries detected: [a]
>
> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
>
> *Update*: Even when the JAR file is resigned, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.
test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 52:
> 50:
> 51: // Remove an entry after signing. There will be a warning.
> 52: JarUtils.deleteEntries(Path.of("a.jar"), "a");
No need to verify the execution was successful? Is throwing an IOException the only "unexpected" outcome?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1757054329
More information about the security-dev
mailing list