8278851: Correct signer logic for jars signed with multiple digest algorithms #282
Conversation
|
👋 Welcome back sgehwolf! A progress list of the required criteria for merging this PR into |
openjdk
bot
changed the title
|
This backport pull request has now been updated with issue from the original commit. |
|
GHA failure on Linux x86 (32 bit) of |
|
@martinuy Hi! Could you please help review this? Thanks. |
There was a problem hiding this comment.
Hi @jerboaa ,
Thanks for contributing this backport. Looks good to me. I've run the JarWithOneNonDisabledDigestAlg test locally and passes.
Minor note —which is not worth any change to the current proposal, in my view—: the list that List.of returns is unmodifiable, which is not the case for Arrays.asList.
Just out of curiosity, was there a reason for placing JarWithOneNonDisabledDigestAlg into a new disdigest directory? I see that in 11u and above is in the jarsigner directory.
Thanks,
Martin.-
|
@jerboaa This change now passes all automated pre-integration checks. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 12 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
Thanks for the review!
OK. I could wrap it in
Yes, the test failed when adding to the |
There was a problem hiding this comment.
8u backport looks correct. I had the same comment about List.of vs asList as Martin. It's not worth changing here, but, given how frequently this comes up, we should probably look at having a utility method to handle the conversion.
I see the lack of JDK-8056174 results in having to rewrite the signJarFile method completely to call the external program, as there is no programmatic access to jar signing. Too risky to backport this just for a nicer test.
Approved for 8u
|
Thanks! /integrate |
|
Going to push as commit f1c1f96.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
Please review this backport which fixes a regression new in 8u362 due to JDK-8269039. For some jars which are signed with an obsolete digest algorithm, after JDK-8269039, they're treated as unsigned even though one of the signatories used a valid (non-obsolete) digest algo.
The backport is not clean, mainly because of JDK-8275887 (which in 11u wasn't present when that bug was backported), copyright headers and different test infra in 8u. So the test looks a bit different so that it works on 8u. All of the changes are fairly trivial to resolve. Changes in
SecurityUtils.javaaren't needed as 8u-dev already has them.Testing:
jdk/test/sun/security/tools/jarsignertests pass.Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev.git pull/282/head:pull/282$ git checkout pull/282Update a local copy of the PR:
$ git checkout pull/282$ git pull https://git.openjdk.org/jdk8u-dev.git pull/282/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 282View PR using the GUI difftool:
$ git pr show -t 282Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/282.diff
Webrev
Link to Webrev Comment