RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v7]
Hai-May Chao
hchao at openjdk.org
Mon Mar 10 22:01:54 UTC 2025
On Mon, 10 Mar 2025 21:16:53 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1986:
>>
>>> 1984: if(manifestNum > 1) {
>>> 1985: System.out.println();
>>> 1986: System.out.println(rb.getString("Warning."));
>>
>> Typically, we don’t print a warning immediately when a problem is detected. Instead, we log a flag and display the warnings later in the `displayMessagesAndResult` method. If a warning is printed too early, and there are a lot of additional lines after it (For example, with `-verbose` enabled and many entries), the warning may be overlooked.
>
> I see. I noted the `error` method but somehow I missed that warnings are collected and displayed via `displayMessagesAndResult`. I was planning to show the message as it happens, since that is what we do with the `error` method calls. This isn't exactly an "error," but I didn't see a `warn` (or similar) method.
It uses displayMessagesAndResult() where it will keep all of the warnings at https://github.com/openjdk/jdk/blob/master/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L1134 and emit them as needed later in this method.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1988084083
More information about the security-dev
mailing list