Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6874884

Provide a way to sign jars as single blob

    Details

      Description

      Total size of MANIFEST and .SF file from FX runtime is 200k compressed and 500k uncompressed
      because it contains signatures for several thousands classes.

      On other hand everything is actually signed by single signer and we validate everything at the same time.
      So, there is no real need to have thousands of signatures if we can find a way to sign and validate
      this jar as one large blob.
      Considering FX runtime as an example jar - 2600 entries, 4.3Mb jar, 1.2Mb jar.pack.gz.

        Overhead of MANIFEST.MF and TEST.SF:
           A. Unjared - 510k (need to parse 500k of text on startup)
           B. jar - 170k, jar.pack.gz - 170k too (this is download overhead, in case of pack200 it is 15% overhead and translates directly to download time)

      Note that many real world enterprise apps contain even large number of classes. It is not problem specific to FX runtime.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                igor Igor Nekrestyanov (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: