RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing [v13]

Hai-May Chao hchao at openjdk.org
Fri Mar 14 16:03:01 UTC 2025


On Thu, 13 Mar 2025 23:26:50 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properties line 99:
>> 
>>> 97: jar.treated.unsigned.see.weak=The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details.
>>> 98: jar.treated.unsigned.see.weak.verbose=WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
>>> 99: multiple.manifest.warning.=Duplicate manifest entries were detected in the jar file. JarSigner will operate on only one and the others will be discarded.
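Review bot: On line 99 the message spells the tool name "JarSigner", while line 97 in the same file spells it "jarsigner" ("Re-run jarsigner with the -verbose option"); using one spelling in both keeps the user-facing text consistent. The key on line 99, multiple.manifest.warning., also ends in a period, unlike the keys on lines 97 and 98, so it is worth confirming that the trailing period is intended and matches the lookup in the code.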
>> 
>> Shall we have a past-tense phrase to make it clearer that the extra entries were actually deleted? Something like:
>> "Duplicate manifest entries were detected in the JAR file. JarSigner operated on only one, and the others have been discarded."
>
> Maybe. When this warning shows up, the extra entries have already been removed.

Thanks for the update.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22222#discussion_r1995833653

