RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v8]

Weijun Wang weijun at openjdk.org
Tue Mar 11 21:54:57 UTC 2025


On Tue, 11 Mar 2025 17:30:54 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> JDK-8341775: In the case where there is a *single* META-INF directory but potentially *multiple* manifest files of different cases, print a warning before selecting the first one and ignoring the rest (the current behavior should be maintained).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
> 
>   review comments

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1993:

> 1991:                 hasMultipleManifests = true;
> 1992:             }
> 1993:         }

Can we put everything above in a try-with-resources block?

Also, are you sure we only print out this warning when `verbose != null`?

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java line 160:

> 158:         {"jar.treated.unsigned.see.weak.verbose",
> 159:                 "WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:"},
> 160:         {"multiple.manifest.warning.", "Duplicate manifest entries were detected in the jar file. JarSigner will operate on the first one found and others will be discarded."},
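
Review bot: line 160 puts the resource key and its message on a single long line, while the entry at 158-159 breaks after the key and puts the message on a continuation line; wrapping line 160 the same way would keep the table consistent. The message also lacks the "WARNING:" prefix that the neighbouring string at line 159 carries, so it is worth confirming that the prefix is supplied where this string is printed.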

I actually don't know which one will be operated on. If you are sure it is the first one, can you add some lines in the test to check this?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1990173274
PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1990174513

