On Thu, 19 Sep 2024 12:06:57 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> There ~are two~ is one change~s~:
>>
>> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and
>> print them out as
>>
>> Warning: nonexistent signed entries detected: [a]
>>
>> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed
>> file entries.~
>>
>> *Update*: Even when the JAR file is re-signed, the hash entry for the
>> missing file will be in the new .SF file. There is no way to tell if this is
>> for a file entry or a user-defined entry.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> expected result should be the 1st argument
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java line
182:
> 180: {"key.bit.eccurve.disabled", "%1$d-bit %2$s key (disabled)"},
> 181: {"unknown.size", "unknown size"},
> 182: {"nonexistent.entries.found", "Nonexistent signed entries
> detected. See details in -verbose output."},
For the second sentence, in other warning messages, we say "Re-run jarsigner
with the -verbose option for more details." Perhaps we should be consistent?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1778664509
