Tim Ellison wrote:
George Harley wrote:
<snip>
The post I want to refer to does not seem to be in the
mailing list archive (!!??!)
I don't remember you saying that (and I would have remembered such an
eloquent and considered post ;-) )
I didn't get it either, and as he George said, it's not in the archive.
If anyone got it, can you let us know here (and once someone says they
got it, everyone else stop telling us - we just need to know if anyone
got it...)
geir
I still have mail that far back in my reader, and it looks like I didn't
get it either. Maybe it never hit the list.
p.s. +1 to the comment BTW
Regards,
Tim
so let me copy the relevant text in-line
here as I believe that what it says is important :
--- snip from dev-list append of 1st Feb 2006 by
[EMAIL PROTECTED] ---
Just to clarify your clarification of the question of current Harmony
behaviour ...
(A) With the current Harmony build it looks like there is *no attempt*
to verify the signature of a signed jar file that has been placed on the
bootclasspath. I know this because I took a signed BC provider jar (as
downloaded from http://www.bouncycastle.org), deliberately tampered with
the .SF file in the META-INF folder by removing a few lines, then added
the modified jar to the bootclasspath of a simple program that listed
the algorithms supported by the BC provider. Everything worked fine.
(B) With the current Harmony build it looks like an attempt is made at
verifying the signature of a signed jar in the jre/lib/ext directory.
The attempt fails because it involves trying to use functionality
exported by the jar currently being verified and so opens up a whole
problem with cycles.
To my mind, (B) is a definite bug that would be fixed by having a
default Harmony provider. The result of my little bit of playing with
(A) just reinforces the argument that relying on the bootclasspath to
load your third party providers is not er ... secure.
--- end of snip from dev-list append of 1st Feb 2006 by
[EMAIL PROTECTED] ---
Best regards,
George
IBM UK
Geir Magnusson Jr wrote:
Tim Ellison wrote:
Arghhh!
make it stop
From below:
-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}
putting the CLASSPATH onto the bootclasspath. What are you smokin' ?!
That was the patch :)
All that really is supposed to do is get junit and bcprov there. I'll
move.
geir
[ I know you are fixing this stuff, but I needed to vent ]
-------- Original Message --------
Subject: svn commit: r376144 -
/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
Date: Thu, 09 Feb 2006 01:44:21 -0000
From: [EMAIL PROTECTED]
Reply-To: harmony-dev@incubator.apache.org
To: [EMAIL PROTECTED]
Author: geirm
Date: Wed Feb 8 17:44:19 2006
New Revision: 376144
URL: http://svn.apache.org/viewcvs?rev=376144&view=rev
Log:
put the bootclasspath stuff back for classlib tests
because as I'm renaming some tests, it appears that
when things reordered, tests broke. On a lark, I put
it back, and things work. Scary.
Will investigate further, but wanted to fix so tests run
Also, changed one of the exclusion lists due to renaming.
Modified:
incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
Modified:
incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
URL:
http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml?rev=376144&r1=376143&r2=376144&view=diff
==============================================================================
---
incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
(original)
+++
incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
Wed Feb 8 17:44:19 2006
@@ -499,6 +499,8 @@
<env key="JAVA_HOME" value="${vm.home}"/>
<!-- to pick up junit.jar and bouncycastle.jar -->
+ <jvmarg
value="-Xbootclasspath/p:${build.jars.path}/crypto.jar${path.separator}${build.jars.path}/x_net.jar"/>
+
<jvmarg
value="-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}"/>
<jvmarg
value="-Djava.security.properties==${build.lib.path}/security/java.security"/>
@@ -518,7 +520,7 @@
<exclude
name="org/apache/harmony/security/test/**"/>
<!-- Harmony exclude list -->
- <exclude
name="java/security/AlgorithmParameterGeneratorTest1.java"/>
+ <exclude
name="java/security/AlgorithmParameterGenerator1Test.java"/>
<exclude name="java/security/KSBuilderTest.java"/>
<exclude
name="java/security/KeyPairGeneratorTest1.java"/>
<exclude
name="java/security/KeyPairGeneratorTest3.java"/>
