RFR: 8309841: Jarsigner should print a warning if an entry is removed [v2]
Nibedita Jena
duke at openjdk.org
Thu Sep 12 16:04:06 UTC 2024
On Thu, 12 Sep 2024 15:32:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> There ~are two~ is one change~s~:
>>
>> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and print them out as
>>
>> Warning: nonexistent signed entries detected: [a]
>>
>> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
>>
>> *Update*: Even when the JAR file is re-signed, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> test enhancements
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java line 167:
> 165: {"history.with.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s\n Timestamped by \"%6$s\" on %5$tc\n Timestamp digest algorithm: %7$s\n Timestamp signature algorithm: %8$s, %9$s"},
> 166: {"history.without.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s"},
> 167: {"history.nonexistent.entries", " Warning: nonexistent signed entries: "},
Inline with existing warning message, can it be "WARNING: Nonexistent signed entries: "
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1757164451
More information about the security-dev
mailing list