Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8218021

jarsigner strips the execute permission when signing a .zip file

    Details

      Description

      Submitter uses jarsigner to sign zip files. Below is the sample of final signing
      command which use for signing.

      jarsigner -J-Xmx1024m -keystore /path/to/java.keystore -keypass ***
      -storepass *** -tsa timeStampUrl -signedjar SignFileLocation()
      UploadFileLocation() alias

      UploadFileLocation() --- zip file to be signed, files inside zip(After extracting) has permissions rwxr-xr-x
      SignFileLocation() --- signed zip file, files inside zip(After extracting ) has permissions rw-r--r--

      jarsigner is changing the file permissions as per the above finding.

      This bug is affecting the release of patches and we could not find a
      straightforward solution. We can sign via openssl, but that creates
      additional files that make the installation of the patch incompatible with
      current machinery and it would not be backward compatible either.

        Attachments

          Activity

            People

            • Assignee:
              coffeys Sean Coffey
              Reporter:
              shadowbug Shadow Bug
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: