On Thu, 27 Mar 2025 06:40:02 GMT, Hai-May Chao <[email protected]> wrote:
>> The jarsigner -verify command currently performs verification by reading
>> from JarFile to navigate the central directory (CEN) headers. It is now
>> enhanced to include cross-validation of entries between JarFile (CEN-based)
>> and JarInputStream (stream-based) representations of the JAR. It emits
>> earnings when detecting discrepancies between a JAR file’s central directory
>> and its local file entries.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Not split warning in rb.getString() accross multi-lines for Usages.java
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1137:
> 1135:
> 1136: private void crossCheckEntries(String jarName) throws Exception {
> 1137: List<String> locEntries = new ArrayList<>();
I think this can be a `HashSet` now that you don't care about the order when
checking against the `cenEntries` later.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23532#discussion_r2016588287
