Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded
Am Donnerstag, 19. Juni 2014 23:49 CEST, Joe Darcy joe.da...@oracle.com schrieb: I'd prefer to see the CheckJarSigError.sh as a Java program. There original bug report contains a full self-contained test case in Java. Why was that split into several files? I'm also a bit uneasy about the just show the file name. I have thousands of JARs with the same name on my harddisk (several Maven repos, target folders, you name it). If you strip the path from the error message, then I have to somehow figure out the classpath which was used. That might work when I run Java from the command line but when I use complex frameworks like OSGi or Maven which do all kinds of magic to determine which JARs they might want to load, then this doesn't help much. At least add a command line option / system property which allows to see the full path. Regards, -- Aaron Optimizer Digulla a.k.a. Philmann Dark It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits. http://blog.pdark.de/
Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded
Hello Aaron, I considered using your testcase that manually generates the necessary malformed JAR but as there was a suitable signed JAR already in the test suite I decided to re-use that. I think it makes sense to re-work the test as a Java program. Unfortunately I’ll be on vacation from today but I’ll return to this issue when I get back. Thanks. On 20 Jun 2014, at 11:00, Aaron Digulla digu...@hepe.com wrote: Am Donnerstag, 19. Juni 2014 23:49 CEST, Joe Darcy joe.da...@oracle.com schrieb: I'd prefer to see the CheckJarSigError.sh as a Java program. There original bug report contains a full self-contained test case in Java. Why was that split into several files? I'm also a bit uneasy about the just show the file name. I have thousands of JARs with the same name on my harddisk (several Maven repos, target folders, you name it). If you strip the path from the error message, then I have to somehow figure out the classpath which was used. That might work when I run Java from the command line but when I use complex frameworks like OSGi or Maven which do all kinds of magic to determine which JARs they might want to load, then this doesn't help much. At least add a command line option / system property which allows to see the full path. Regards, -- Aaron Optimizer Digulla a.k.a. Philmann Dark It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits. http://blog.pdark.de/
[9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded
Please review the following simple changeset to identify the offending JAR file following a signature verification error. Previously, only the offending entry in the JAR was identified. This helps during troubleshooting when several JAR files being processed. The request was originally submitted by Aaron Digulla. Bug: https://bugs.openjdk.java.net/browse/JDK-8047353 Webrev: http://cr.openjdk.java.net/~vinnie/8047353/webrev.00/
Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded
I shortened the output to display only the JAR filename to avoid leaking filesystem information. I’ve updated the webrev in-place. Thanks. On 19 Jun 2014, at 17:59, Vincent Ryan vincent.x.r...@oracle.com wrote: Please review the following simple changeset to identify the offending JAR file following a signature verification error. Previously, only the offending entry in the JAR was identified. This helps during troubleshooting when several JAR files being processed. The request was originally submitted by Aaron Digulla. Bug: https://bugs.openjdk.java.net/browse/JDK-8047353 Webrev: http://cr.openjdk.java.net/~vinnie/8047353/webrev.00/
Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded
Hello, I'd prefer to see the CheckJarSigError.sh as a Java program. Cheers, -Joe On 06/19/2014 02:21 PM, Vincent Ryan wrote: I shortened the output to display only the JAR filename to avoid leaking filesystem information. I’ve updated the webrev in-place. Thanks. On 19 Jun 2014, at 17:59, Vincent Ryan vincent.x.r...@oracle.com wrote: Please review the following simple changeset to identify the offending JAR file following a signature verification error. Previously, only the offending entry in the JAR was identified. This helps during troubleshooting when several JAR files being processed. The request was originally submitted by Aaron Digulla. Bug: https://bugs.openjdk.java.net/browse/JDK-8047353 Webrev: http://cr.openjdk.java.net/~vinnie/8047353/webrev.00/