RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v13]
Hai-May Chao
hchao at openjdk.org
Thu Mar 13 21:21:59 UTC 2025
On Thu, 13 Mar 2025 18:55:38 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> JDK-8341775: In the case where there is a *single* META-INF directory but potentially *multiple* manifest files of different cases, print a warning before selecting the first one and ignoring the rest (the current behavior should be maintained).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> test case modifications
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properties line 99:
> 97: jar.treated.unsigned.see.weak=The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details.
> 98: jar.treated.unsigned.see.weak.verbose=WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
> 99: multiple.manifest.warning.=Duplicate manifest entries were detected in the jar file. JarSigner will operate on only one and the others will be discarded.
Shall we have a a past-tense phrase to make it clearer that the extra entries were actually deleted? Something like:
"Duplicate manifest entries were detected in the JAR file. JarSigner operated on only one, and the others have been discarded."
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1994316284
More information about the security-dev
mailing list