RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v7]
Lance Andersen
lancea at openjdk.org
Mon Mar 10 21:21:56 UTC 2025
On Mon, 10 Mar 2025 21:11:15 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> test/jdk/sun/security/tools/jarsigner/MultiManifest.jar line 1:
>>
>>> 1: PK������O�rY �META-INF/���PK���PK������O�rY�META-INF/MANIFEST.MF�M��LK-.�
>>
>> We usually do not include a binary file in the code repository. Can you generate one on the fly? Although JDK’s `ZipOutputStream` does not allow duplicate entries, you can add two entries whose names differ only by case. IIRC, when counting the number of manifests using `JUZFA.getManifestNum`, the check is case-insensitive.
>
> I made sure that there were other jars in this directory in the source tree before trying this approach. In fact, there are a few tests taking this same approach. The jar is < 1/2 KB.
I agree with max
We have been removing them from the zip/jar area and we do not want more binary files added to the work space
If you need help please ask but please do not move forward checking in a binary file
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1988040874
More information about the security-dev
mailing list