On Wed, 21 May 2025 14:00:03 GMT, Lance Andersen <lan...@openjdk.org> wrote:
>>> For the inconsistent order in the LOC and CEN, we can treat it as invalid, >>> I chose not to because that's not a violation, but if we do extend that as >>> specification for JAR file format, then we can change that to invalid and >>> non-zero exit code. >> >> For the `jar --validate` operation, it would be useful to not just warn (and >> thus exit with a non-zero exit code) for issues that violate the ZIP or JAR >> specification, but also for inconsistencies and uncommon JAR contents that >> might cause some unexpected behaviour within the platform runtime. This >> helps with identifying and analyzing such unexpected issues in the JAR (but >> not strictly violations of any specification) even before that JAR gets used >> in the platform runtime. This is no different for the duplicate entries in >> the JAR file, for which we issue warnings even if the ZIP specification >> explicitly allows it (and the JAR specification doesn't make a mention of >> it). >> >> Based on some experiments we have run, it's not very common for a JAR file >> to have a different order in CEN as compared to LOC, so I think any JAR file >> that has a different order between these structures should result in a >> warning (and thus a non-zero exit code) from the validate operation. > >> Point taken. For documentation wise, I don't think it's necessary to specify >> at this point. For the inconsistent order in the LOC and CEN, we can treat >> it as invalid, I chose not to because that's not a violation, but if we do >> extend that as specification for JAR file format, then we can change that to >> invalid and non-zero exit code. > > I am OK to currently specify as non-zero, it is a discussion that can be > continued as to what if anything more to do (as Jai mentions) > > Any warnings should result in a non-zero for a return code. OK, I'll update the PR to consider inconsistent order to be invalid even though it won't cause issue but indeed a sign that's not created by the official `jar` tool. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24430#discussion_r2100570620
