RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v13]
Weijun Wang
weijun at openjdk.org
Thu Mar 13 23:28:59 UTC 2025
On Thu, 13 Mar 2025 21:18:31 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> test case modifications
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properties line 99:
>
>> 97: jar.treated.unsigned.see.weak=The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details.
>> 98: jar.treated.unsigned.see.weak.verbose=WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
>> 99: multiple.manifest.warning.=Duplicate manifest entries were detected in the jar file. JarSigner will operate on only one and the others will be discarded.
>
> Shall we have a a past-tense phrase to make it clearer that the extra entries were actually deleted? Something like:
> "Duplicate manifest entries were detected in the JAR file. JarSigner operated on only one, and the others have been discarded."
Maybe. When this warning shows up, the extra entries have already been removed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1994425115
More information about the security-dev
mailing list