-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
11.0.20
A DESCRIPTION OF THE PROBLEM :
When adding a manifest to an apk file using the `jar` tool, the CEN header gets corrupted.
Since Java 11.0.20 `jarsigner` now does extra validation of ZIP64 extra fields, which makes it easy to see that `jarsigner` can open the original apk file and verify it. However, after adding a manifest to the apk with `jar`, `jarsigner` now fails with "jarsigner: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size)".
This is of course not an issue in the `jarsigner` tool, but in the `jar` tool.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Download https://gist.github.com/tyilo/1d81657461267f2bc21e6a78cd026e70/raw/4584fa37b88246115a9084a30c447791357cb891/app-release-unsigned.apk (This file was created by building a release APK of a new project using Android Studio):
```
$ curl -OL https://gist.github.com/tyilo/1d81657461267f2bc21e6a78cd026e70/raw/4584fa37b88246115a9084a30c447791357cb891/app-release-unsigned.apk
```
Verify that the file is valid zip file according to `jarsigner`:
```
$ jarsigner -verify app-release-unsigned.apk
no manifest.
jar is unsigned.
```
Add a manifest file to the `apk` with `jar`:
```
$ printf 'Manifest-Version: 1.0\nFoo: Bar\n' > manifest.mf
$ jar umvf manifest.mf app-release-unsigned.apk
updated manifest
```
See that `jarsigner` now can't parse the file:
```
$ jarsigner -verify app-release-unsigned.apk
jarsigner: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size)
```
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Adding a manifest to a jar file with `jar` shouldn't corrupt the CEN header.
FREQUENCY : always
When adding a manifest to an apk file using the `jar` tool, the CEN header gets corrupted.
Since Java 11.0.20 `jarsigner` now does extra validation of ZIP64 extra fields, which makes it easy to see that `jarsigner` can open the original apk file and verify it. However, after adding a manifest to the apk with `jar`, `jarsigner` now fails with "jarsigner: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size)".
This is of course not an issue in the `jarsigner` tool, but in the `jar` tool.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Download https://gist.github.com/tyilo/1d81657461267f2bc21e6a78cd026e70/raw/4584fa37b88246115a9084a30c447791357cb891/app-release-unsigned.apk (This file was created by building a release APK of a new project using Android Studio):
```
$ curl -OL https://gist.github.com/tyilo/1d81657461267f2bc21e6a78cd026e70/raw/4584fa37b88246115a9084a30c447791357cb891/app-release-unsigned.apk
```
Verify that the file is valid zip file according to `jarsigner`:
```
$ jarsigner -verify app-release-unsigned.apk
no manifest.
jar is unsigned.
```
Add a manifest file to the `apk` with `jar`:
```
$ printf 'Manifest-Version: 1.0\nFoo: Bar\n' > manifest.mf
$ jar umvf manifest.mf app-release-unsigned.apk
updated manifest
```
See that `jarsigner` now can't parse the file:
```
$ jarsigner -verify app-release-unsigned.apk
jarsigner: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size)
```
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Adding a manifest to a jar file with `jar` shouldn't corrupt the CEN header.
FREQUENCY : always
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-