Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files [v2]

[Lance Andersen]

On Mon, 7 Sep 2020 18:57:11 GMT, Sean Coffey  wrote:

>> Continuation of RFR thread from 
>> http://mail.openjdk.java.net/pipermail/security-dev/2020-August/022373.html
>> 
>> CSR has been approved.
>
> Sean Coffey has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Copyright and test clean up

Marked as reviewed by lancea (Reviewer).

-

PR: https://git.openjdk.java.net/jdk/pull/56

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files [v2]

[Sean Coffey]

> Continuation of RFR thread from 
> http://mail.openjdk.java.net/pipermail/security-dev/2020-August/022373.html
> 
> CSR has been approved.

Sean Coffey has updated the pull request incrementally with one additional 
commit since the last revision:

  Copyright and test clean up

-

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/56/files
  - new: https://git.openjdk.java.net/jdk/pull/56/files/2f656ce0..27cb91f3

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk=56=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk=56=00-01

  Stats: 3 lines in 3 files changed: 0 ins; 0 del; 3 mod
  Patch: https://git.openjdk.java.net/jdk/pull/56.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/56/head:pull/56

PR: https://git.openjdk.java.net/jdk/pull/56

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Weijun Wang]

On Mon, 7 Sep 2020 13:48:57 GMT, Sean Coffey  wrote:

> Continuation of RFR thread from 
> http://mail.openjdk.java.net/pipermail/security-dev/2020-August/022373.html
> 
> CSR has been approved.

Marked as reviewed by weijun (Reviewer).

-

PR: https://git.openjdk.java.net/jdk/pull/56

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Lance Andersen]

On Mon, 7 Sep 2020 13:48:57 GMT, Sean Coffey  wrote:

> Continuation of RFR thread from 
> http://mail.openjdk.java.net/pipermail/security-dev/2020-August/022373.html
> 
> CSR has been approved.

I think this looks good over all Sean.  In your SymLinkTest, I probably would 
have the  test delete the file if it
exists prior to writing to it.

-

Marked as reviewed by lancea (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/56

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Seán Coffey]

Thanks for the review Hai-May. I've implemented all your suggestions.

The CSR was approved late on Friday so I'll now submit this via PR on 
github infra.


regards,
Sean.

On 28/08/2020 21:08, Hai-May Chao wrote:
JarSigner.java #953: The output debug message can be removed from the 
code.

JavaUtilZipFileAccess.java #44: Change posixPerms to extraAttrs.
ZipFile.java #661: Suggest to keep the comment and update it with the 
additional 4 bits for symlink.


The rest of code changes and CSR look good.

Thanks,
Hai-May


On Aug 28, 2020, at 7:17 AM, Seán Coffey > wrote:


I've been poking around the zip internals and am now able to locate 
the 16 bits of interest. The position of these actual bits does 
appear to move around from one test run to another. For now, I guess 
it's sufficient to look for the pattern of interest in the signed zip 
file. New testcase added.


http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/

regards,
Sean.

On 27/08/2020 15:58, Weijun Wang wrote:

Looks like it was a conscious design decision to only allow recording of POSIX 
permission bits for this field (& 0xFFF). I don't see anything about symlink 
support in zipfs docs.

As long as that*byte*  is there and it’s not difficult to locate, we can 
manually add the*bit*  for symlink and see if jarsigner can keep it.

—Max

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Hai-May Chao]

JarSigner.java #953: The output debug message can be removed from the code.
JavaUtilZipFileAccess.java #44: Change posixPerms to extraAttrs.
ZipFile.java #661: Suggest to keep the comment and update it with the 
additional 4 bits for symlink.

The rest of code changes and CSR look good.

Thanks,
Hai-May


> On Aug 28, 2020, at 7:17 AM, Seán Coffey  wrote:
> 
> I've been poking around the zip internals and am now able to locate the 16 
> bits of interest. The position of these actual bits does appear to move 
> around from one test run to another. For now, I guess it's sufficient to look 
> for the pattern of interest in the signed zip file. New testcase added.
> 
> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/ 
> 
> regards,
> Sean.
> 
> On 27/08/2020 15:58, Weijun Wang wrote:
>>> Looks like it was a conscious design decision to only allow recording of 
>>> POSIX permission bits for this field (& 0xFFF). I don't see anything about 
>>> symlink support in zipfs docs.
>> As long as that *byte* is there and it’s not difficult to locate, we can 
>> manually add the *bit* for symlink and see if jarsigner can keep it.
>> 
>> —Max
>> 

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Weijun Wang]

Everything looks fine to me.

I’ve added myself as the CSR reviewer. In the Solution section, it probably 
should me “The existing warning introduced in JDK-8218021 is expanded to 
include symlink”. It is not a new warning.

Thanks,
Max

> On Aug 28, 2020, at 12:05 PM, Seán Coffey  wrote:
> 
> 
> On 28/08/2020 16:18, Weijun Wang wrote:
>> 1. Add a comment on how to generate ZIPBYTES in the test. Not the byte[] 
>> declaration but how the original ZIP file is generated.
> I'll add a comment block to the test:
>> /*
>>  * Created using the createByteArray utility method.
>>  * The zipfile itself was created via this example:
>>  * $ ls -l z
>>  * lrwxrwxrwx 1 test test 4 Aug 27 18:33 z -> ../z
>>  * $ zip -ry test.zip z
>>  */
> 
>> 
>> 2. Does this require a CSR? The POSIX permission one had one.
> 
> Fair point. I've logged one, just to be safe.
> 
> regards,
> Sean.
> 
>> 
>> Thanks,
>> Max
>> 
>>> On Aug 28, 2020, at 10:17 AM, Seán Coffey  wrote:
>>> 
>>> I've been poking around the zip internals and am now able to locate the 16 
>>> bits of interest. The position of these actual bits does appear to move 
>>> around from one test run to another. For now, I guess it's sufficient to 
>>> look for the pattern of interest in the signed zip file. New testcase added.
>>> 
>>> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/
>>> 
>>> regards,
>>> Sean.
>>> 
>>> On 27/08/2020 15:58, Weijun Wang wrote:
> Looks like it was a conscious design decision to only allow recording of 
> POSIX permission bits for this field (& 0xFFF). I don't see anything 
> about symlink support in zipfs docs.
> 
 As long as that *byte* is there and it’s not difficult to locate, we can 
 manually add the *bit*
  for symlink and see if jarsigner can keep it.
 
 —Max
 
 

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Seán Coffey]

On 28/08/2020 16:18, Weijun Wang wrote:

1. Add a comment on how to generate ZIPBYTES in the test. Not the byte[] 
declaration but how the original ZIP file is generated.

I'll add a comment block to the test:

    /*
 * Created using the createByteArray utility method.
 * The zipfile itself was created via this example:
 * $ ls -l z
 * lrwxrwxrwx 1 test test 4 Aug 27 18:33 z -> ../z
 * $ zip -ry test.zip z
 */




2. Does this require a CSR? The POSIX permission one had one.


Fair point. I've logged one, just to be safe.

regards,
Sean.



Thanks,
Max


On Aug 28, 2020, at 10:17 AM, Seán Coffey  wrote:

I've been poking around the zip internals and am now able to locate the 16 bits 
of interest. The position of these actual bits does appear to move around from 
one test run to another. For now, I guess it's sufficient to look for the 
pattern of interest in the signed zip file. New testcase added.

http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/

regards,
Sean.

On 27/08/2020 15:58, Weijun Wang wrote:

Looks like it was a conscious design decision to only allow recording of POSIX 
permission bits for this field (& 0xFFF). I don't see anything about symlink 
support in zipfs docs.


As long as that *byte* is there and it’s not difficult to locate, we can 
manually add the *bit*
  for symlink and see if jarsigner can keep it.

—Max

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Weijun Wang]

1. Add a comment on how to generate ZIPBYTES in the test. Not the byte[] 
declaration but how the original ZIP file is generated.

2. Does this require a CSR? The POSIX permission one had one.

Thanks,
Max

> On Aug 28, 2020, at 10:17 AM, Seán Coffey  wrote:
> 
> I've been poking around the zip internals and am now able to locate the 16 
> bits of interest. The position of these actual bits does appear to move 
> around from one test run to another. For now, I guess it's sufficient to look 
> for the pattern of interest in the signed zip file. New testcase added.
> 
> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/
> 
> regards,
> Sean.
> 
> On 27/08/2020 15:58, Weijun Wang wrote:
>>> Looks like it was a conscious design decision to only allow recording of 
>>> POSIX permission bits for this field (& 0xFFF). I don't see anything about 
>>> symlink support in zipfs docs.
>>> 
>> As long as that *byte* is there and it’s not difficult to locate, we can 
>> manually add the *bit*
>>  for symlink and see if jarsigner can keep it.
>> 
>> —Max
>> 
>> 

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Seán Coffey]

I've been poking around the zip internals and am now able to locate the 
16 bits of interest. The position of these actual bits does appear to 
move around from one test run to another. For now, I guess it's 
sufficient to look for the pattern of interest in the signed zip file. 
New testcase added.


http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/

regards,
Sean.

On 27/08/2020 15:58, Weijun Wang wrote:

Looks like it was a conscious design decision to only allow recording of POSIX 
permission bits for this field (& 0xFFF). I don't see anything about symlink 
support in zipfs docs.

As long as that*byte*  is there and it’s not difficult to locate, we can 
manually add the*bit*  for symlink and see if jarsigner can keep it.

—Max

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Lance Andersen]

Hi Sean,

I think the changes are OK in the latest version.  A couple of the files have a 
2019 copyright still.

> On Aug 27, 2020, at 10:58 AM, Weijun Wang  wrote:
> 
> 
> 
>> On Aug 27, 2020, at 10:36 AM, Seán Coffey  wrote:
>> 
>> Thanks for the review Max. Comments inline..
>> 
>> On 27/08/2020 14:45, Weijun Wang wrote:
>>> I’m OK with using one warning, but prefer it to a little more formal like 
>>> "POSIX file permission and/or symlink attributes detected…”.
>>> 
>>> One nit in ZipFile.java:
>>> 
>>> 1098 // only set posix perms value via ZipEntry constructor 
>>> for now
>>> 1099 @Override
>>> 1100 public int getExtraAttributes(ZipEntry ze) {
>>> 
>>> Maybe you can just remove the comment.
>>> 
>>> Do you also want to rename the “posixPermsDetected" field and loacl 
>>> variable “perms” in JarSigner.java?
>> 
>> Good points. Edits made.
>> 
>> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v3/webrev/
>> 
>>> 
>>> I’m not sure about the test but if zipfs is able to keep permissions inside 
>>> a zip file then that POSIX byte (or whatever it’s named) is already there 
>>> and we can modify it to include more bits.
>> 
>> Looks like it was a conscious design decision to only allow recording of 
>> POSIX permission bits for this field (& 0xFFF). I don't see anything about 
>> symlink support in zipfs docs.
> 
> As long as that *byte* is there and it’s not difficult to locate, we can 
> manually add the *bit* for symlink and see if jarsigner can keep it.

We can create an RFE for adding support for this with Zip FS.
> 
> —Max
> 
>> 
>> regards,
>> Sean.
>> 
>>> 
>>> No other comment.
>>> 
>>> Thanks,
>>> Max
>>> 
>>> 
 On Aug 27, 2020, at 3:26 AM, Seán Coffey  wrote:
 
 updated webrev:
 http://cr.openjdk.java.net/~coffeys/webrev.8250968.v2/webrev/
 
 regards,
 Sean.
 
 On 27/08/2020 07:42, Seán Coffey wrote:
> Hi Max,
> 
> I looked at updating the warning string but figured that it might have 
> been of no interest to end users. How about this edit then ?
> 
> +{"posix.attributes.detected", "POSIX file permission attributes 
> detected. These attributes are ignored when signing and are not protected 
> by the signature."},
> 
>>> replace with:
> +{"extra.attributes.detected", "POSIX file permission/symlink 
> attributes detected. These attributes are ignored when signing and are 
> not protected by the signature."},
> 
> regards,
> Sean.
> 
> On 26/08/2020 23:15, Weijun Wang wrote:
>> Are you going to update the warning text or create a new one?
>> 
>> Thanks,
>> Max
>> 
>>> On Aug 26, 2020, at 2:26 PM, Seán Coffey  wrote:
>>> 
>>> This is a follow on from the recent 8218021 fix. The jarsigner tool 
>>> removes symlink attribute data from zipfiles when signing them. 
>>> jarsigner should preserve this data. The fix involves preserving the 16 
>>> bits associated with the file attributes (instead of the current 12). 
>>> That's done in ZipFile. All other changes are just a refactor of the 
>>> variable name.
>>> 
>>> I haven't been able to automate a test for this since zipfs doesn't 
>>> seem to support symlinks. Manual testing looks good.
>>> 
>>> https://bugs.openjdk.java.net/browse/JDK-8250968
>>> http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html
>>> 
>>> regards,
>>> Sean.


Best
Lance
--




Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering 
1 Network Drive 
Burlington, MA 01803
lance.ander...@oracle.com

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Weijun Wang]

> On Aug 27, 2020, at 10:36 AM, Seán Coffey  wrote:
> 
> Thanks for the review Max. Comments inline..
> 
> On 27/08/2020 14:45, Weijun Wang wrote:
>> I’m OK with using one warning, but prefer it to a little more formal like 
>> "POSIX file permission and/or symlink attributes detected…”.
>> 
>> One nit in ZipFile.java:
>> 
>> 1098 // only set posix perms value via ZipEntry constructor 
>> for now
>> 1099 @Override
>> 1100 public int getExtraAttributes(ZipEntry ze) {
>> 
>> Maybe you can just remove the comment.
>> 
>> Do you also want to rename the “posixPermsDetected" field and loacl variable 
>> “perms” in JarSigner.java?
> 
> Good points. Edits made.
> 
> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v3/webrev/
> 
>> 
>> I’m not sure about the test but if zipfs is able to keep permissions inside 
>> a zip file then that POSIX byte (or whatever it’s named) is already there 
>> and we can modify it to include more bits.
> 
> Looks like it was a conscious design decision to only allow recording of 
> POSIX permission bits for this field (& 0xFFF). I don't see anything about 
> symlink support in zipfs docs.

As long as that *byte* is there and it’s not difficult to locate, we can 
manually add the *bit* for symlink and see if jarsigner can keep it.

—Max

> 
> regards,
> Sean.
> 
>> 
>> No other comment.
>> 
>> Thanks,
>> Max
>> 
>> 
>>> On Aug 27, 2020, at 3:26 AM, Seán Coffey  wrote:
>>> 
>>> updated webrev:
>>> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v2/webrev/
>>> 
>>> regards,
>>> Sean.
>>> 
>>> On 27/08/2020 07:42, Seán Coffey wrote:
 Hi Max,
 
 I looked at updating the warning string but figured that it might have 
 been of no interest to end users. How about this edit then ?
 
 +{"posix.attributes.detected", "POSIX file permission attributes 
 detected. These attributes are ignored when signing and are not protected 
 by the signature."},
 
>> replace with:
 +{"extra.attributes.detected", "POSIX file permission/symlink 
 attributes detected. These attributes are ignored when signing and are not 
 protected by the signature."},
 
 regards,
 Sean.
 
 On 26/08/2020 23:15, Weijun Wang wrote:
> Are you going to update the warning text or create a new one?
> 
> Thanks,
> Max
> 
>> On Aug 26, 2020, at 2:26 PM, Seán Coffey  wrote:
>> 
>> This is a follow on from the recent 8218021 fix. The jarsigner tool 
>> removes symlink attribute data from zipfiles when signing them. 
>> jarsigner should preserve this data. The fix involves preserving the 16 
>> bits associated with the file attributes (instead of the current 12). 
>> That's done in ZipFile. All other changes are just a refactor of the 
>> variable name.
>> 
>> I haven't been able to automate a test for this since zipfs doesn't seem 
>> to support symlinks. Manual testing looks good.
>> 
>> https://bugs.openjdk.java.net/browse/JDK-8250968
>> http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html
>> 
>> regards,
>> Sean.
>> 

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Seán Coffey]

Thanks for the review Max. Comments inline..

On 27/08/2020 14:45, Weijun Wang wrote:

I’m OK with using one warning, but prefer it to a little more formal like 
"POSIX file permission and/or symlink attributes detected…”.

One nit in ZipFile.java:

1098 // only set posix perms value via ZipEntry constructor for 
now
1099 @Override
1100 public int getExtraAttributes(ZipEntry ze) {

Maybe you can just remove the comment.

Do you also want to rename the “posixPermsDetected" field and loacl variable 
“perms” in JarSigner.java?


Good points. Edits made.

http://cr.openjdk.java.net/~coffeys/webrev.8250968.v3/webrev/



I’m not sure about the test but if zipfs is able to keep permissions inside a 
zip file then that POSIX byte (or whatever it’s named) is already there and we 
can modify it to include more bits.


Looks like it was a conscious design decision to only allow recording of 
POSIX permission bits for this field (& 0xFFF). I don't see anything 
about symlink support in zipfs docs.


regards,
Sean.



No other comment.

Thanks,
Max



On Aug 27, 2020, at 3:26 AM, Seán Coffey  wrote:

updated webrev:
http://cr.openjdk.java.net/~coffeys/webrev.8250968.v2/webrev/

regards,
Sean.

On 27/08/2020 07:42, Seán Coffey wrote:

Hi Max,

I looked at updating the warning string but figured that it might have been of 
no interest to end users. How about this edit then ?

+{"posix.attributes.detected", "POSIX file permission attributes detected. 
These attributes are ignored when signing and are not protected by the signature."},


replace with:

+{"extra.attributes.detected", "POSIX file permission/symlink attributes 
detected. These attributes are ignored when signing and are not protected by the signature."},

regards,
Sean.

On 26/08/2020 23:15, Weijun Wang wrote:

Are you going to update the warning text or create a new one?

Thanks,
Max


On Aug 26, 2020, at 2:26 PM, Seán Coffey  wrote:

This is a follow on from the recent 8218021 fix. The jarsigner tool removes 
symlink attribute data from zipfiles when signing them. jarsigner should 
preserve this data. The fix involves preserving the 16 bits associated with the 
file attributes (instead of the current 12). That's done in ZipFile. All other 
changes are just a refactor of the variable name.

I haven't been able to automate a test for this since zipfs doesn't seem to 
support symlinks. Manual testing looks good.

https://bugs.openjdk.java.net/browse/JDK-8250968
http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html

regards,
Sean.

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Weijun Wang]

I’m OK with using one warning, but prefer it to a little more formal like 
"POSIX file permission and/or symlink attributes detected…”.

One nit in ZipFile.java:

1098 // only set posix perms value via ZipEntry constructor for 
now
1099 @Override
1100 public int getExtraAttributes(ZipEntry ze) {

Maybe you can just remove the comment.

Do you also want to rename the “posixPermsDetected" field and loacl variable 
“perms” in JarSigner.java?

I’m not sure about the test but if zipfs is able to keep permissions inside a 
zip file then that POSIX byte (or whatever it’s named) is already there and we 
can modify it to include more bits.

No other comment.

Thanks,
Max


> On Aug 27, 2020, at 3:26 AM, Seán Coffey  wrote:
> 
> updated webrev:
> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v2/webrev/
> 
> regards,
> Sean.
> 
> On 27/08/2020 07:42, Seán Coffey wrote:
>> Hi Max,
>> 
>> I looked at updating the warning string but figured that it might have been 
>> of no interest to end users. How about this edit then ?
>> 
>> +{"posix.attributes.detected", "POSIX file permission attributes 
>> detected. These attributes are ignored when signing and are not protected by 
>> the signature."},
>> 
>> >> replace with:
>> +{"extra.attributes.detected", "POSIX file permission/symlink 
>> attributes detected. These attributes are ignored when signing and are not 
>> protected by the signature."},
>> 
>> regards,
>> Sean.
>> 
>> On 26/08/2020 23:15, Weijun Wang wrote:
>>> Are you going to update the warning text or create a new one?
>>> 
>>> Thanks,
>>> Max
>>> 
 On Aug 26, 2020, at 2:26 PM, Seán Coffey  wrote:
 
 This is a follow on from the recent 8218021 fix. The jarsigner tool 
 removes symlink attribute data from zipfiles when signing them. jarsigner 
 should preserve this data. The fix involves preserving the 16 bits 
 associated with the file attributes (instead of the current 12). That's 
 done in ZipFile. All other changes are just a refactor of the variable 
 name.
 
 I haven't been able to automate a test for this since zipfs doesn't seem 
 to support symlinks. Manual testing looks good.
 
 https://bugs.openjdk.java.net/browse/JDK-8250968
 http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html
  
 
 regards,
 Sean.
 

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Seán Coffey]

updated webrev:
http://cr.openjdk.java.net/~coffeys/webrev.8250968.v2/webrev/

regards,
Sean.

On 27/08/2020 07:42, Seán Coffey wrote:

Hi Max,

I looked at updating the warning string but figured that it might have 
been of no interest to end users. How about this edit then ?


+    {"posix.attributes.detected", "POSIX file permission 
attributes detected. These attributes are ignored when signing and are 
not protected by the signature."},


>> replace with:
+    {"extra.attributes.detected", "POSIX file permission/symlink 
attributes detected. These attributes are ignored when signing and are 
not protected by the signature."},


regards,
Sean.

On 26/08/2020 23:15, Weijun Wang wrote:

Are you going to update the warning text or create a new one?

Thanks,
Max

On Aug 26, 2020, at 2:26 PM, Seán Coffey  
wrote:


This is a follow on from the recent 8218021 fix. The jarsigner tool 
removes symlink attribute data from zipfiles when signing them. 
jarsigner should preserve this data. The fix involves preserving the 
16 bits associated with the file attributes (instead of the current 
12). That's done in ZipFile. All other changes are just a refactor 
of the variable name.


I haven't been able to automate a test for this since zipfs doesn't 
seem to support symlinks. Manual testing looks good.


https://bugs.openjdk.java.net/browse/JDK-8250968
http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html 



regards,
Sean.

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Seán Coffey]

Hi Max,

I looked at updating the warning string but figured that it might have 
been of no interest to end users. How about this edit then ?


+    {"posix.attributes.detected", "POSIX file permission attributes 
detected. These attributes are ignored when signing and are not 
protected by the signature."},


>> replace with:
+    {"extra.attributes.detected", "POSIX file permission/symlink 
attributes detected. These attributes are ignored when signing and are 
not protected by the signature."},


regards,
Sean.

On 26/08/2020 23:15, Weijun Wang wrote:

Are you going to update the warning text or create a new one?

Thanks,
Max


On Aug 26, 2020, at 2:26 PM, Seán Coffey  wrote:

This is a follow on from the recent 8218021 fix. The jarsigner tool removes 
symlink attribute data from zipfiles when signing them. jarsigner should 
preserve this data. The fix involves preserving the 16 bits associated with the 
file attributes (instead of the current 12). That's done in ZipFile. All other 
changes are just a refactor of the variable name.

I haven't been able to automate a test for this since zipfs doesn't seem to 
support symlinks. Manual testing looks good.

https://bugs.openjdk.java.net/browse/JDK-8250968
http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html

regards,
Sean.

Re: RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files

[Weijun Wang]

Are you going to update the warning text or create a new one?

Thanks,
Max

> On Aug 26, 2020, at 2:26 PM, Seán Coffey  wrote:
> 
> This is a follow on from the recent 8218021 fix. The jarsigner tool removes 
> symlink attribute data from zipfiles when signing them. jarsigner should 
> preserve this data. The fix involves preserving the 16 bits associated with 
> the file attributes (instead of the current 12). That's done in ZipFile. All 
> other changes are just a refactor of the variable name.
> 
> I haven't been able to automate a test for this since zipfs doesn't seem to 
> support symlinks. Manual testing looks good.
> 
> https://bugs.openjdk.java.net/browse/JDK-8250968
> http://hmsjpse.uk.oracle.com/home/scoffey/ws/jdk-jdk/open/webrev.8250968/webrev/index.html
> 
> regards,
> Sean.
>