RFR: 8365559: jarsigner shows files non-existent if signed with a weak algorithm
Weijun Wang
weijun at openjdk.org
Thu Aug 14 16:30:15 UTC 2025
On Thu, 14 Aug 2025 16:09:33 GMT, Mark Powers <mpowers at openjdk.org> wrote:
>> See the bug report for details. Basically, entries in the SF set should always be removed no matter if it's treated signed or not.
>
> test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 44:
>
>> 42: = "This jar contains signed entries for files that do not exist. See the -verbose output for more details.";
>> 43: private static final String WEAK_UNSIGNED
>> 44: = "The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled";
>
> Need period at end of sentence.
Unfortunately not. Depending on whether `-verbose` is on, the command might show
> The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.
or
> WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26781#discussion_r2277112011
More information about the security-dev
mailing list