Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Mandy Chung
> On Nov 7, 2016, at 5:48 AM, Jim Laskey (Oracle) > wrote: > > http://cr.openjdk.java.net/~jlaskey/8159393/webrev/index.html I notice that this webrev has been updated with the new -—ignore-signing-information option, which is fine. The following creates the image with IGNORE_SIGNING_DEFAULT

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Sean Mullan
On 11/7/16 11:21 AM, Sundararajan Athijegannathan wrote: Looks good to me. PS. jmods, jars are not modified by jlink. Only a new image directory is generated. So, strip-signing-info confusion is unlikely. I still find it confusing. If I saw that option, I would hesitate to use it until I was

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Sundararajan Athijegannathan
Looks good to me. PS. jmods, jars are not modified by jlink. Only a new image directory is generated. So, strip-signing-info confusion is unlikely. -Sundar On 11/7/2016 9:36 PM, Sean Mullan wrote: > On 11/7/16 9:13 AM, Jim Laskey (Oracle) wrote: >> The bug https://bugs.openjdk.java.net/browse/J

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
Suits me. > On Nov 7, 2016, at 12:06 PM, Sean Mullan wrote: > > On 11/7/16 9:13 AM, Jim Laskey (Oracle) wrote: >> The bug https://bugs.openjdk.java.net/browse/JDK-8159393 >> is really about >> warning developers that their image does not suppor

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Sean Mullan
On 11/7/16 9:13 AM, Jim Laskey (Oracle) wrote: The bug https://bugs.openjdk.java.net/browse/JDK-8159393 is really about warning developers that their image does not support signing. If they are okay with that then they can override with --strip-

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
It’s the lack of inclusion as oppose to exclusion. > On Nov 7, 2016, at 10:33 AM, Wang Weijun wrote: > > Great. I asked the question because you will need the exact same check to > determine what files should be ignored and I thought they should appear in > the same webrev. If it's already don

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Wang Weijun
Great. I asked the question because you will need the exact same check to determine what files should be ignored and I thought they should appear in the same webrev. If it's already done somewhere else please make sure it is the same. Thanks Max > 在 2016年11月7日,22:11,Jim Laskey (Oracle) 写道: >

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Wang Weijun
The code block below checking if a jar file was signed is correct. There is one thing I don't understand, the --strip-signing-information option. It looks like you will remove the signature-related files if this option is set. But, where are they stripped? Thanks Max On 11/7/2016 9:48 PM, Ji

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
The bug https://bugs.openjdk.java.net/browse/JDK-8159393 is really about warning developers that their image does not support signing. If they are okay with that then they can override with --strip-signing-information. — Jim > On Nov 7, 201

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Alan Bateman
On 07/11/2016 13:26, Jim Laskey (Oracle) wrote: Revising to String name = entry.name().toUpperCase(Locale.ENGLISH); return name.startsWith("META-INF/") && name.indexOf('/', 9) == -1 && ( name.endsWith(".SF") ||

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
The security entries are (have been) ignored when building the image. At some future date (post-9), we need to decide how to sign an image. — Jim > On Nov 7, 2016, at 10:06 AM, Wang Weijun wrote: > > The code block below checking if a jar file was signed is correct. > > There is one thing I

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
Apologies for the poor links earlier. http://cr.openjdk.java.net/~jlaskey/8159393/webrev/index.html https://bugs.openjdk.java.net/browse/JDK-8159393 > On Nov 7, 2016, at 9:26 AM, Jim Laskey (Oracle) > wrote: > > Revising to > >String name = entry.name().toUpperCase(Locale

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
Revising to String name = entry.name().toUpperCase(Locale.ENGLISH); return name.startsWith("META-INF/") && name.indexOf('/', 9) == -1 && ( name.endsWith(".SF") || name.endsWith(".DSA") ||

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
Right. From SignatureFileVerifier.java /** * Utility method used by JarVerifier and JarSigner * to determine the signature file names and PKCS7 block * files names that are supported * * @param s file name * @return true if the input file name is a supported

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Alan Bateman
On 07/11/2016 13:09, Jim Laskey (Oracle) wrote: Thank you. Regarding SIG- I was just followed the spec. I hope Sean or Max can jump in on this, the other question is .EC as I believe the JDK allows this when signing too. -Alan

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
But I need to be more careful with "Note that if such files are located in META-INF subdirectories, they are not considered signature-related.” > On Nov 7, 2016, at 9:09 AM, Jim Laskey (Oracle) > wrote: > > Thank you. Regarding SIG- I was just followed the spec. > > > Signed JAR File > <>O

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
Thank you. Regarding SIG- I was just followed the spec. Signed JAR File <>Overview A JAR file can be signed by using the command line jarsigner tool or directly through the java.security API. Every file

Re: RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Alan Bateman
n 07/11/2016 12:29, Jim Laskey (Oracle) wrote: http://cr.openjdk.java.net/~jlaskey/8159393/webrev/test/tools/jlink/JLinkSigningTest.java.html https://bugs.openjdk.java.net/browse/JDK-8159393 I th

RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

2016-11-07 Thread Jim Laskey (Oracle)
http://cr.openjdk.java.net/~jlaskey/8159393/webrev/test/tools/jlink/JLinkSigningTest.java.html https://bugs.openjdk.java.net/browse/JDK-8159393