-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR #29
Conversation
… signed JAR Reviewed-by: weijun, hchao
👋 Welcome back sgehwolf! A progress list of the required criteria for merging this PR into |
This backport pull request has now been updated with issue from the original commit. |
@gnu-andrew @martinuy Can you please help review this? Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The keytool changes are from JDK-8273236, another recent fix relating to this SHA-1 deprecation. If the SHA-1 deprecation itself had been integrated a bit earlier, it might have made 8u362.
I don't think that's critical enough to try and get in at this stage [edit: to clarify, I mean JDK-8273236]. I'll propose it for 8u-dev in the new year with the removals from this patch omitted.
The other changes look sensible. Can you enable actions so that builds & tests are run? Once they look good, I'll approve. Thanks.
OK |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I see tests running now at https://github.com/jerboaa/jdk8u/actions/runs/3766931919
@jerboaa This change now passes all automated pre-integration checks. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been no new commits pushed to the ➡️ To integrate this PR with the above commit message to the |
Thanks for the review, labelled the bug |
And approved. |
/integrate |
Going to push as commit ebc5e19. |
Please review this critical fix which fixes a regression introduced with with JDK-8269039: Disable SHA-1 Signed JARs which was included in
8u362
(note that8u352
is not affected as JDK-8269039 is not there). This should be low-risk as it mainly removes use ofjava.util.Calendar
API usage inDisabledAlgorithmConstraints
which can cause issues with applications that containCalendarDataProvider
s in signed jars.Proposing as critical fix so that we don't regress in that regard in 8u362.
Please review this backport. The changes in
keytool/Main.java
didn't apply. Those aren't critical changes for this patch, so I've omitted them. In addition, the test needed some changes to make it work with JDK 8 (comparing to the 11u version). UsedIOUtils.readAllBytes()
overInputStream.readAllBytes()
in the custom classloader class, fixed some test lib imports and declaredThrowable
to be thrown inmain
asProcessTools.executeProcess
throwsThrowable
overException
in 8u.Regression test fails prior (current jdk8u tree, without this patch) and passes after the product fix.
Progress
Issue
Reviewers
Reviewing
Using
git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u pull/29/head:pull/29
$ git checkout pull/29
Update a local copy of the PR:
$ git checkout pull/29
$ git pull https://git.openjdk.org/jdk8u pull/29/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 29
View PR using the GUI difftool:
$ git pr show -t 29
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk8u/pull/29.diff