8309841: Jarsigner should print a warning if an entry is removed #19599
Conversation
|
👋 Welcome back weijun! A progress list of the required criteria for merging this PR into |
|
@wangweij This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 287 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
openjdk
bot
added
security
|
/label remove core-libs |
|
@wangweij |
|
@wangweij This pull request has been inactive for more than 8 weeks and will be automatically closed if another 8 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration! |
|
Ask again for review. |
Webrevs
|
|
You can mark my above comments as resolved. |
|
CSR looks good to me. Clarifying that non-file entries in MANIFEST.MF could cause false positive is useful in the CSR. |
|
|
||
| {"history.with.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s\n Timestamped by \"%6$s\" on %5$tc\n Timestamp digest algorithm: %7$s\n Timestamp signature algorithm: %8$s, %9$s"}, | ||
| {"history.without.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s"}, | ||
| {"history.nonexistent.entries", " Warning: nonexistent signed entries: "}, |
There was a problem hiding this comment.
Inline with existing warning message, can it be "WARNING: Nonexistent signed entries: "
There was a problem hiding this comment.
This warning is a part of a block on signer info and I'd like the word does not stand out too much. For example, the test shows:
- Signed by "CN=x"
Digest algorithm: SHA-384
Signature algorithm: Ed25519, 255-bit key
Warning: nonexistent signed entries: [a]
|
Suggest to add testcases to remove more than one entry or file ending with "*" in RemovedFiles. |
|
Do you think it may be useful to have a testcase that falsely reports the missing entry? |
This can be a test to the
I'll add one. |
|
Thanks for adding more testcases for this PR. Changes look good. |
| {"key.bit.disabled", "%d-bit key (disabled)"}, | ||
| {"key.bit.eccurve.disabled", "%1$d-bit %2$s key (disabled)"}, | ||
| {"unknown.size", "unknown size"}, | ||
| {"nonexistent.entries.found", "Nonexistent signed entries detected. See details in -verbose output."}, |
There was a problem hiding this comment.
For the second sentence, in other warning messages, we say "Re-run jarsigner with the -verbose option for more details." Perhaps we should be consistent?
There was a problem hiding this comment.
Actually, I see the output will also contain the message "Re-run with the -verbose and -certs options for more details." so I take back my comment above.
There was a problem hiding this comment.
For this summary message, I suggest we be a bit more descriptive like in other messages:
"This jar contains signed entries for files that do not exist. See the -verbose output for more details."
| // Note: b* covers everything starting with b, even bx/x | ||
| JarUtils.deleteEntries(Path.of("a.jar"), "b*"); | ||
| Asserts.assertEquals(Set.of("c"), content("a.jar")); | ||
| } |
There was a problem hiding this comment.
You could also add a test where the pattern doesn't match, and a test where there is more than one pattern, and the matching pattern is not the first one.
openjdk
bot
added
ready
wangweij
changed the title
wangweij
changed the title
|
/integrate |
|
Going to push as commit bdfb41f.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
5 participants
There
are twois one changes:jarsigner -verify, check a .SF file contains un-existing entries and print them out as2. InJarSigner::sign0, when creating a new .SF file, only include signed file entries.Update: Even when the JAR file is re-signed, the hash entry for the missing file will be in the new .SF file. There is no way to tell if this is for a file entry or a user-defined entry.
Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19599/head:pull/19599$ git checkout pull/19599Update a local copy of the PR:
$ git checkout pull/19599$ git pull https://git.openjdk.org/jdk.git pull/19599/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 19599View PR using the GUI difftool:
$ git pr show -t 19599Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19599.diff
Webrev
Link to Webrev Comment