Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6958622

Regression: Signing pack200-reordered Jar files strips existing MANIFEST.MF

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Duplicate
    • Affects Version/s: 6u10
    • Fix Version/s: None
    • Component/s: tools
    • Labels:
    • Subcomponent:
      jar
    • CPU:
      x86
    • OS:
      linux

      Description

      FULL PRODUCT VERSION :
      java version "1.6.0_20"
      Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
      Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)


      ADDITIONAL OS VERSION INFORMATION :
      Linux bfo 2.6.32-22-generic-pae

      A DESCRIPTION OF THE PROBLEM :
      Signing a Jar file containing an existing MANIFEST.MF strips the existing content - eg "Main-Class", "Implementation-Version" etc., and replaces it with with the class signatures, rather than appending the class signatures to the existing content.

      This doesn't apply to all Jars - I've tested two or three - but a contributing factor seems to be if the Jar has previously been repacked using "pack200".

      Note this is a regression: I have tested running "pack200" and "jarsigner" from JVMs 1.6.0_17 to 1.6.0_20 and got the following results:

      pack(1.6.0_17) and jarsigner (1.6.0_17) - success
      pack(1.6.0_18) and jarsigner (1.6.0_17) - success
      pack(1.6.0_19) and jarsigner (1.6.0_17) - success
      pack(1.6.0_20) and jarsigner (1.6.0_17) - success
      pack(1.6.0_17) and jarsigner (1.6.0_18) - fail
      pack(1.6.0_18) and jarsigner (1.6.0_18) - fail

      (Any combo with jarsigner from 1.6.0_18, 1.6.0_19 and 1.6.0_20 will fail)

      For what it's worth I get the same results in an Apple 1.6.0.20 JVM, and also when using the "SignJar" and "pack200" ant tasks instead of the "jarsigner" and "pack200" tools.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Download http://bfo.co.uk/bug.tar.gz - this contains the Jar before packing and a dummy keystore to sign it. Running "test.sh" should, in a successful test, print the line "Main-Class" from the manifest, and in a failing test will print nothing.

      Or, if you want the manual steps:

      1. pack200 --segment-limit=-1 --effort=9 --repack postpack.jar prepack.jar
      2. jarsigner postpack.jar
      3. Check the manifest file of the signed jar - it's missing the existing entries from the original manifest.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The original manifest file should be appended to, not replaced.
      ACTUAL -
      Original manifest is lost

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      See http://bfo.co.uk/misc/bug.tar.gz
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      None. Reverted to 1.6.0_17

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: