RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing
Kevin Driver
kdriver at openjdk.org
Mon Mar 10 15:59:23 UTC 2025
On Thu, 21 Nov 2024 15:53:28 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> JDK-8341775: In the case where there is a *single* META-INF directory but potentially *multiple* manifest files of different cases, print a warning before selecting the first one and ignoring the rest (the current behavior should be maintained).
>>
>> **Note**: We cannot (so far) pass whether the verbose flag is set to the class that does this processing. We may want to add a property to the builder for this. As-is, the message will be printed via `System.err` whether verbose is set or not.
>
> I’d like to suggest creating a test program (for better long term support) that generates a JAR file with multiple manifest entries and then uses JarSigner.Builder() and JarSigner.sign(). The JarSigner.sign() will ultimately invoke getManifestFile(), ensuring that the new warning about multiple manifest entries is emitted.
@haimaychao: can you please re-review?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2711069275
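The condition discussed in this thread, one `META-INF` directory holding several manifest entries whose names differ only in case, can be checked on an archive before it is signed. The following is an added example, not code from the pull request or the JDK; the class `ManifestCaseCheck` and its helpers are hypothetical, the sample archive is constructed in memory, and it inspects entries with `java.util.zip` only, without calling `JarSigner`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class ManifestCaseCheck {              // hypothetical name, not a JDK class
    static final String DIR = "META-INF/";
    static final String FILE = "MANIFEST.MF";

    // Constructed sample: an in-memory archive with the given entry names, in order.
    static byte[] buildJar(String... names) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(buf)) {
            for (String name : names) {
                zos.putNextEntry(new ZipEntry(name));
                // Placeholder bytes; the content does not matter for this check.
                zos.write("Manifest-Version: 1.0\r\n\r\n".getBytes(StandardCharsets.UTF_8));
                zos.closeEntry();
            }
        }
        return buf.toByteArray();
    }

    // Entries directly under META-INF/ whose file name is MANIFEST.MF in any case, in archive order.
    static List<String> manifestCandidates(byte[] jar) throws IOException {
        List<String> found = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(new ByteArrayInputStream(jar))) {
            for (ZipEntry e; (e = zis.getNextEntry()) != null; ) {
                String n = e.getName();
                if (n.startsWith(DIR) && n.substring(DIR.length()).equalsIgnoreCase(FILE)) {
                    found.add(n);
                }
            }
        }
        return found;
    }

    public static void main(String[] args) throws IOException {
        byte[] jar = buildJar("META-INF/MANIFEST.MF", "META-INF/manifest.mf", "A.class");
        List<String> found = manifestCandidates(jar);
        if (found.size() > 1) {               // more than one candidate: flag before signing
            System.err.println("Warning: " + found.size() + " manifest entries found; first is "
                    + found.get(0) + ", others: " + found.subList(1, found.size()));
        }
    }
}
```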