Re: [Fwd: svn commit: r376144 - /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml]

Thu, 09 Feb 2006 06:33:17 -0800 


George Harley wrote:

Hi,


Is it really the case that the BC provider jar needs to be on the boot 
classpath ? 


Probably not.

There was some discussion on this a little over a week ago

on this thread about the contribution of the beans, math and regex 
libraries. The post I want to refer to does not seem to be in the 
mailing list archive (!!??!) so let me copy the relevant text in-line 
here as I believe that what it says is important :




--- snip from dev-list append of 1st Feb 2006 by 
[EMAIL PROTECTED] ---



Just to clarify your clarification of the question of current Harmony 
behaviour ...



(A) With the current Harmony build it looks like there is *no attempt* 
to verify the signature of a signed jar file that has been placed on the 
bootclasspath. I know this because I took a signed BC provider jar (as 
downloaded from http://www.bouncycastle.org), deliberately tampered with 
the .SF file in the META-INF folder by removing a few lines, then added 
the modified jar to the bootclasspath of a simple program that listed 
the algorithms supported by the BC provider. Everything worked fine.



(B) With the current Harmony build it looks like an attempt is made at 
verifying the signature of a signed jar in the jre/lib/ext directory. 
The attempt fails because it involves trying to use functionality 
exported by the jar currently being verified and so opens up a whole 
problem with cycles.
To my mind, (B) is a definite bug that would be fixed by having a 
default Harmony provider. The result of my little bit of playing with 
(A) just reinforces the argument that relying on the bootclasspath to 
load your third party providers is not er ... secure.


That's obvious.  We just have to fix it.





--- end of snip from dev-list append of 1st Feb 2006 by 
[EMAIL PROTECTED] ---



Best regards,
George
IBM UK


Geir Magnusson Jr wrote:



Tim Ellison wrote:

Arghhh!

make it stop


From below:

 -Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}


putting the CLASSPATH onto the bootclasspath.  What are you smokin' ?!


That was the patch :)


All that really is supposed to do is get junit and bcprov there.  I'll 
move.


geir




[ I know you are fixing this stuff, but I needed to vent ]


-------- Original Message --------
Subject: svn commit: r376144 -

/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 


Date: Thu, 09 Feb 2006 01:44:21 -0000
From: [EMAIL PROTECTED]
Reply-To: harmony-dev@incubator.apache.org
To: [EMAIL PROTECTED]

Author: geirm
Date: Wed Feb  8 17:44:19 2006
New Revision: 376144

URL: http://svn.apache.org/viewcvs?rev=376144&view=rev
Log:
put the bootclasspath stuff back for classlib tests
because as I'm renaming some tests, it appears that
when things reordered, tests broke.  On a lark, I put
it back, and things work.  Scary.

Will investigate further, but wanted to fix so tests run

Also, changed one of the exclusion lists due to renaming.


Modified:


incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 



Modified:

incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 


URL:

http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml?rev=376144&r1=376143&r2=376144&view=diff 

============================================================================== 


---

incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 


(original)
+++

incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml 


Wed Feb  8 17:44:19 2006
@@ -499,6 +499,8 @@
             <env key="JAVA_HOME" value="${vm.home}"/>

             <!-- to pick up junit.jar and bouncycastle.jar -->
+            <jvmarg

value="-Xbootclasspath/p:${build.jars.path}/crypto.jar${path.separator}${build.jars.path}/x_net.jar"/> 


+
             <jvmarg

value="-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}"/> 



             <jvmarg

value="-Djava.security.properties==${build.lib.path}/security/java.security"/> 


@@ -518,7 +520,7 @@

                     <exclude 
name="org/apache/harmony/security/test/**"/>

                                         <!-- Harmony exclude list -->
-                    <exclude
name="java/security/AlgorithmParameterGeneratorTest1.java"/>
+                    <exclude
name="java/security/AlgorithmParameterGenerator1Test.java"/>
                     <exclude name="java/security/KSBuilderTest.java"/>

                     <exclude 
name="java/security/KeyPairGeneratorTest1.java"/>
                     <exclude 
name="java/security/KeyPairGeneratorTest3.java"/>
































					Reply via email to