On Fri, 7 Jun 2024 15:11:29 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> There ~are two~ is one change~s~:
>
> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and
> print them out as
>
> Warning: nonexistent signed entries detected: [a]
>
> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed
> file entries.~
>
> *Update*: Even when the JAR file is resigned, the hash entry for the missing
> file will be in the new .SF file. There is no way to tell if this is for a
> file entry or a user-defined entry.
test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 52:
> 50:
> 51: // Remove an entry after signing. There will be a warning.
> 52: JarUtils.deleteEntries(Path.of("a.jar"), "a");
No need to verify the execution was successful? Is throwing an IOException the
only "unexpected" outcome?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1757054329
