RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v8]
Kevin Driver
kdriver at openjdk.org
Thu Mar 13 16:52:57 UTC 2025
On Tue, 11 Mar 2025 21:52:25 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> review comments
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java line 160:
>
>> 158: {"jar.treated.unsigned.see.weak.verbose",
>> 159: "WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:"},
>> 160: {"multiple.manifest.warning.", "Duplicate manifest entries were detected in the jar file. JarSigner will operate on the first one found and others will be discarded."},
>
> I actually don't know which one will be operated on. If you are sure it is the first one, can you add some lines in the test to check this?
There is another test which checks this behavior: `test/jdk/tools/jar/MultipleManifestTest.java`. Also, it's not really in the scope of the change we're testing here. I've modified the message to be less specific.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1993941458
More information about the security-dev
mailing list