Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8309841: Jarsigner should print a warning if an entry is removed #3007

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

wkia
Copy link

@wkia wkia commented Feb 28, 2025

This is backport of "8309841: Jarsigner should print a warning if an entry is removed"

Original patch does not apply cleanly to jdk11, some minor conflicts, and also in test/jdk/sun/security/tools/jarsigner/RemovedFiles.java ed25519 algorithm was replaced with RSA, and _ was replaced with a variable, and added the check in src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java at line 1259.

We need this fix in jdk11 and below, down to jdk8, as all versions have this issue with jarsigner.

New tests successfully ran locally on Linux, x86_64.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change requires CSR request JDK-8334261 to be approved
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8309841 needs maintainer approval

Issues

  • JDK-8309841: Jarsigner should print a warning if an entry is removed (Enhancement - P3 - Approved)
  • JDK-8334261: Jarsigner should print a warning if an entry is removed (CSR)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/3007/head:pull/3007
$ git checkout pull/3007

Update a local copy of the PR:
$ git checkout pull/3007
$ git pull https://git.openjdk.org/jdk11u-dev.git pull/3007/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 3007

View PR using the GUI difftool:
$ git pr show -t 3007

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/3007.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Feb 28, 2025

👋 Welcome back rmarchenko! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Feb 28, 2025

@wkia This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8309841: Jarsigner should print a warning if an entry is removed

Reviewed-by: abakhtin, andrew

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 5 new commits pushed to the master branch:

  • bf78d9b: 8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class
  • 624cef6: 8351099: Bump update version of OpenJDK: 11.0.28
  • 8785172: 8026976: ECParameters, Point does not match field size
  • 289644a: 8346887: DrawFocusRect() may cause an assertion failure
  • ea3a0e4: 8328957: Update PKCS11Test.java to not use hardcoded path

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@alexeybakhtin, @gnu-andrew) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot changed the title Backport bdfb41f977258831e4b0ceaef5d016d095ab6e7f 8309841: Jarsigner should print a warning if an entry is removed Feb 28, 2025
@openjdk
Copy link

openjdk bot commented Feb 28, 2025

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport rfr Pull request is ready for review labels Feb 28, 2025
@mlbridge
Copy link

mlbridge bot commented Feb 28, 2025

Webrevs

@wkia
Copy link
Author

wkia commented Mar 10, 2025

The test serviceability/sa/ClhsdbFindPC.java#id1 fails on Mac with timeout. I don't think it is related to the change.

Copy link
Contributor

@alexeybakhtin alexeybakhtin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the backport. LGTM

@openjdk
Copy link

openjdk bot commented Mar 10, 2025

⚠️ @wkia This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

@wkia
Copy link
Author

wkia commented Mar 13, 2025

/approval request I'd like to backport this to 11u-dev. We need this fix in jdk11 and below, down to jdk8, as all versions have this issue with jarsigner. Original patch does not apply cleanly to jdk11, some minor conflicts resolved, tests adapted. New tests successfully ran locally on Linux, x86_64.

@openjdk
Copy link

openjdk bot commented Mar 13, 2025

@wkia
8309841: The approval request has been created successfully.

@openjdk openjdk bot added the approval label Mar 13, 2025
@gnu-andrew
Copy link
Member

The test serviceability/sa/ClhsdbFindPC.java#id1 fails on Mac with timeout. I don't think it is related to the change.

I agree. I've just seen the same failure on another 11u PR.

Copy link
Member

@gnu-andrew gnu-andrew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backport looks good. The different hasNonexistentEntries handling seems consistent with the lack of JDK-8250586 in 11u. EdDSA support was only added in OpenJDK 16 by JDK-8242068.

I couldn't see the _ replacement mentioned. Was this backport based on the 17u version?

@gnu-andrew
Copy link
Member

/approve yes

@openjdk
Copy link

openjdk bot commented Mar 20, 2025

@gnu-andrew
8309841: The approval request has been approved.

@openjdk openjdk bot added ready Pull request is ready to be integrated and removed approval labels Mar 20, 2025
@wkia
Copy link
Author

wkia commented Mar 20, 2025

/integrate

@openjdk openjdk bot added the sponsor Pull request is ready to be sponsored label Mar 20, 2025
@openjdk
Copy link

openjdk bot commented Mar 20, 2025

@wkia
Your change (at version 49da1bb) is now ready to be sponsored by a Committer.

@wkia
Copy link
Author

wkia commented Mar 20, 2025

_ replacement

It was done with the first commit as well as resolving conflicts, and replacing the absent alg with RSA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport ready Pull request is ready to be integrated rfr Pull request is ready for review sponsor Pull request is ready to be sponsored
Development

Successfully merging this pull request may close these issues.

3 participants