RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v14]
Sean Mullan
mullan at openjdk.org
Wed Mar 26 14:52:22 UTC 2025
On Wed, 26 Mar 2025 12:48:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Updated with Sean's comments
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properties line 216:
>
>> 214: manifest.attribute.1.differs.jarfile.value.2.jarinputstream.value.3=Manifest attribute %1$s differs: JarFile value = %2$s, JarInputStream value = %3$s
>> 215: Entry.1.present.when.reading.jarinputstream.but.missing.via.JarFile=Entry %s is present when reading via JarInputStream but missing when reading via JarFile
>> 216: entry.1.present.in.jarfile.but.unreadable=Entry %s is present in JarFile but unreadable
>
> Shouldn't this be the opposite of "entry.1.present.when.reading.jarinputstream.but.missing.via.JarFile":
>
> "Entry %s is present when reading via JarFile but missing when reading via JarInputStream"
Actually never mind, I see that this warning is if there is an entry but no input stream. So ignore my comment.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23532#discussion_r2014355667
More information about the security-dev
mailing list