On Fri, 21 Mar 2025 19:23:59 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> The jarsigner -verify command currently performs verification by reading
>> from JarFile to navigate the central directory (CEN) headers. It is now
>> enhanced to include cross-validation of entries between JarFile (CEN-based)
>> and JarInputStream (stream-based) representations of the JAR. It emits
>> earnings when detecting discrepancies between a JAR file’s central directory
>> and its local file entries.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Update test with more ZipEntry in the jar
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1158:
> 1156: if (cenEntry == null) {
> 1157: crossChkWarnings.add(String.format(rb.getString(
> 1158: "Entry.missing.in.JarFile.1"), entryName));
Would it be more precise to change this warning to "Entry %s is present when
reading via JarInputStream but missing when reading via JarFile"?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23532#discussion_r2012868024
