Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded

2014-07-09 Thread Aaron Digulla
Am Donnerstag, 19. Juni 2014 23:49 CEST, Joe Darcy joe.da...@oracle.com 
schrieb:

 I'd prefer to see the CheckJarSigError.sh as a Java program.

There original bug report contains a full self-contained test case in Java. Why 
was that split into several files?

I'm also a bit uneasy about the just show the file name. I have thousands of 
JARs with the same name on my harddisk (several Maven repos, target folders, 
you name it). If you strip the path from the error message, then I have to 
somehow figure out the classpath which was used.

That might work when I run Java from the command line but when I use complex 
frameworks like OSGi or Maven which do all kinds of magic to determine which 
JARs they might want to load, then this doesn't help much.


At least add a command line option / system property which allows to see the 
full path.

Regards,

--
Aaron Optimizer Digulla a.k.a. Philmann Dark
It's not the universe that's limited, it's our imagination.
Follow me and I'll show you something beyond the limits.
http://blog.pdark.de/


Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded

2014-06-20 Thread Vincent Ryan
Hello Aaron,

I considered using your testcase that manually generates the necessary 
malformed JAR
but as there was a suitable signed JAR already in the test suite I decided to 
re-use that.

I think it makes sense to re-work the test as a Java program. Unfortunately 
I’ll be on vacation
from today but I’ll return to this issue when I get back.

Thanks.



On 20 Jun 2014, at 11:00, Aaron Digulla digu...@hepe.com wrote:

 Am Donnerstag, 19. Juni 2014 23:49 CEST, Joe Darcy joe.da...@oracle.com 
 schrieb:
 
 I'd prefer to see the CheckJarSigError.sh as a Java program.
 
 There original bug report contains a full self-contained test case in Java. 
 Why was that split into several files?
 
 I'm also a bit uneasy about the just show the file name. I have thousands 
 of JARs with the same name on my harddisk (several Maven repos, target 
 folders, you name it). If you strip the path from the error message, then I 
 have to somehow figure out the classpath which was used.
 
 That might work when I run Java from the command line but when I use complex 
 frameworks like OSGi or Maven which do all kinds of magic to determine which 
 JARs they might want to load, then this doesn't help much.
 
 
 At least add a command line option / system property which allows to see the 
 full path.
 
 Regards,
 
 --
 Aaron Optimizer Digulla a.k.a. Philmann Dark
 It's not the universe that's limited, it's our imagination.
 Follow me and I'll show you something beyond the limits.
 http://blog.pdark.de/



[9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded

2014-06-19 Thread Vincent Ryan
Please review the following simple changeset to identify the offending JAR file 
following a signature verification error.
Previously, only the offending entry in the JAR was identified.

This helps during troubleshooting when several JAR files being processed.

The request was originally submitted by Aaron Digulla.


Bug: https://bugs.openjdk.java.net/browse/JDK-8047353
Webrev: http://cr.openjdk.java.net/~vinnie/8047353/webrev.00/




Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded

2014-06-19 Thread Vincent Ryan

I shortened the output to display only the JAR filename to avoid leaking 
filesystem information.
I’ve updated the webrev in-place.

Thanks.


On 19 Jun 2014, at 17:59, Vincent Ryan vincent.x.r...@oracle.com wrote:

 Please review the following simple changeset to identify the offending JAR 
 file following a signature verification error.
 Previously, only the offending entry in the JAR was identified.
 
 This helps during troubleshooting when several JAR files being processed.
 
 The request was originally submitted by Aaron Digulla.
 
 
 Bug: https://bugs.openjdk.java.net/browse/JDK-8047353
 Webrev: http://cr.openjdk.java.net/~vinnie/8047353/webrev.00/
 
 



Re: [9] request for review 8047353: Improve error message when a JAR with invalid signatures is loaded

2014-06-19 Thread Joe Darcy

Hello,

I'd prefer to see the CheckJarSigError.sh as a Java program.

Cheers,

-Joe

On 06/19/2014 02:21 PM, Vincent Ryan wrote:

I shortened the output to display only the JAR filename to avoid leaking 
filesystem information.
I’ve updated the webrev in-place.

Thanks.


On 19 Jun 2014, at 17:59, Vincent Ryan vincent.x.r...@oracle.com wrote:


Please review the following simple changeset to identify the offending JAR file 
following a signature verification error.
Previously, only the offending entry in the JAR was identified.

This helps during troubleshooting when several JAR files being processed.

The request was originally submitted by Aaron Digulla.


Bug: https://bugs.openjdk.java.net/browse/JDK-8047353
Webrev: http://cr.openjdk.java.net/~vinnie/8047353/webrev.00/