On Fri, 7 Jun 2024 15:11:29 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> There ~are two~ is one change~s~:
>
> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and
> print them out as
>
> Warning: nonexistent signed entries detected: [a]
>
> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed
> file entries.~
>
> *Update*: Even when the JAR file is resigned, the hash entry for the missing
> file will be in the new .SF file. There is no way to tell if this is for a
> file entry or a user-defined entry.
test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 49:
> 47: // All is fine at the beginning.
> 48: SecurityTools.jarsigner("-verify a.jar")
> 49: .shouldNotContain("Nonexistent signed entries detected.
> See details in -verbose output.");
It may make sense to make this String into a constant. It is repeated several
times, and that may be error prone.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1757030672
