On Mon, 17 Mar 2025 08:27:20 GMT, Christoph Langer <clan...@openjdk.org> wrote:
> Can we maybe add a possibility to store two alternative SHA sums in the JMod > archives, per file? Then we could add SHA sums for both, the stripped and the > full pdb file and either one which is present in the current runtime would be > accepted. So we'd cover the cases where the stripped pdb files are around as > well as a potential case when somebody extracted the symbols archive over the > runtime. I wonder if there would be a more generic way to solve this. We've seen similar issues with JDK image post-processing interfering with the SHA sum check. The general problem is that for some cases SHA sum checking is too strict (e.g. for signed binaries or stripped binaries - debug symbol processing). Now those use-cases aren't for everyone. So it would be ideal if we could opt-into a more lenient SHA sum checking without needing to change the JMOD archive format. The prime reason for the SHA sum check was population of modified configuration files to the linked image. `SaveJLinkArgFilesPlugin` comes to mind. How about we added a way of checking the SHA for a file from a set of values (it could be restricted to binaries and libraries only). Say, this set of SHA sums could be passed to `jlink` itself with an option, say `--sha-mappings=...`. That option could be a list of file/sha pairs or use `file:<path-to-file>` with a mapping. Then, we could add an additional configure option to the JDK build which adds such sha mappings to `jlink` with the `--save-jlink-argfiles` option to the resulting `jlink`. For the Windows case configured with `--with-external-symbols-in-bundles=public` case this could be done at build time. The resulting `jlink` would use `--sha-mappings` as needed for `*.pdb` files only, solving this problem. For RPM builds where we face similar issues of *.so files and executables getting stripped of debug symbols way after the JDK build completes. We could add `--sha-mappings=file:$JAVA_HOME/conf/jlink_extra_mappings.txt` via `--save-jlink-argfiles` and allow for the new SHA sum in that file - again restricting this multi-mapping for binaries/libraries only. Thoughts? ------------- PR Comment: https://git.openjdk.org/jdk/pull/24057#issuecomment-2729570316
