Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P4
-
Resolution: Fixed
-
Affects Version/s: 7
-
Fix Version/s: 7
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Resolved In Build:b123
-
CPU:generic
-
OS:generic
-
Verification:Verified
Description
If a jar file has only META-INF/MANIFEST.SF, then after signing it, the output jarfile is not verifiable. That is to say, running "jarsigner -verify the.jar" shows "jar is unsigned. (signatures missing or not parsable)".
How to reproduce it:
echo "Key: Value" > manifest
jar cvfm the.jar manifest
jarsigner the.jar me
jarsigner -verify the.jar
* Use the "jar m" trick to create a jar file with no "normal" entry.
How to reproduce it:
echo "Key: Value" > manifest
jar cvfm the.jar manifest
jarsigner the.jar me
jarsigner -verify the.jar
* Use the "jar m" trick to create a jar file with no "normal" entry.
Attachments
Issue Links
- relates to
-
JDK-7023056 NPE from sun.security.util.ManifestEntryVerifier.verify during Maven build
-
- Closed
-