RFR: 8309841: Jarsigner should print a warning if an entry is removed [v6]
Sean Mullan
mullan at openjdk.org
Mon Sep 30 13:52:36 UTC 2024
On Fri, 27 Sep 2024 14:41:20 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> There ~are two~ is one change~s~:
>>
>> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and print them out as
>>
>> Warning: nonexistent signed entries detected: [a]
>>
>> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed file entries.~
>>
>> *Update*: Even when the JAR file is re-signed, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> update warning message
test/lib-test/jdk/test/lib/util/JarUtilsTest.java line 59:
> 57: JarUtils.deleteEntries(Path.of("a.jar"), "b*");
> 58: Asserts.assertEquals(Set.of("c"), content("a.jar"));
> 59: }
You could also add a test where the pattern doesn't match, and a test where there is more than one pattern, and the matching pattern is not the first one.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1781174143
More information about the security-dev
mailing list