On Fri, 21 Mar 2025 19:23:59 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and JarInputStream (stream-based) representations of the JAR. It emits >> earnings when detecting discrepancies between a JAR file’s central directory >> and its local file entries. > > Hai-May Chao has updated the pull request incrementally with one additional > commit since the last revision: > > Update test with more ZipEntry in the jar src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properties line 214: > 212: > manifest.attribute.1.present.when.reading.jarfile.but.missing.via.jarinputstream=Manifest > attribute %s is present when reading via JarFile but missing when reading > via JarInputStream > 213: > manifest.attribute.1.present.when.reading.jarinputstream.but.missing.via.jarfile=Manifest > attribute %s is present when reading via JarInputStream but missing when > reading via JarFile > 214: > manifest.atrribute.1.differs.jarfile.value.2.jarinputstream.value.3=Manifest > attribute %1$s differs: JarFile value = %2$s, JarInputStream value = %3$s Typo: s/atrribute/attribute/ ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23532#discussion_r2012857942
