Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8252517

Symlinks attributes not preserved when using jarsigner on zip files

    Details

    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      Preserving such attributes should cause no surprises.
    • Interface Kind:
      Other
    • Scope:
      Implementation

      Description

      Summary

      Have the jarsigner tool retain symbolic link attributes already in place during signing operations.

      Problem

      Following on from work already done via https://bugs.openjdk.java.net/browse/JDK-8218021

      The POSIX file permission attribute values are stored in 12 of the bits allocated to the external file attributes field. 4 extra bits store information such as symlink information.

      Although there is no explicit definition in the Zip specification about the canonical way to store these attributes, there exists a common sense amongst implementors of Zip tooling serving as a de-facto standard, leveraging Zip's CEN header fields. Support for symbolic links is based on the work in info-zip implementation which is available as open source: http://infozip.sourceforge.net/

      When jarsigner is used to sign a jar/zip file, a new zip is cloned and replaces the original file once signed. Until this enhancement, jarsigner ignores some of the file attribute values stored in the file being signed and resets them to '0' in the newly signed file. Files created from the jar tool don't store symbolic link information and rather place a direct reference to the file instead. The issue mainly affects files created by the zip tool implementation. The info-zip project provides a zipinfo command. Ideally, jarsigner should not be removing such zipfile attributes when signing a zipfile.

      Solution

      Make jarsigner 'symbolic link' attributes aware. If such attributes are present in a file being signed, preserve them.

      The existing warning introduced in JDK-8218021 is expanded to include symbolic link reference. The warning will be emitted from the jarsigner tool when signing and verifying signed files that contain symbolic link attributes. The warning will indicate that such attribute values are not used during the file verification process. The warning printed will be: "POSIX file permission and/or symlink attributes detected. Note that these attributes are unsigned and not protected by the signature."

      Specification

      A JDK implementation specific behavioural change to have jarsigner preserve symbolic link attributes, when present. This attribute stored with any entry in the original jar/zip resource will be saved in the newly signed jar/zip file.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                coffeys Sean Coffey
                Reporter:
                shadowbug Shadow Bug
                Reviewed By:
                Alan Bateman, Lance Andersen, Weijun Wang
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: