JDK-7096008 : treating signed files as files even if not ALL files in the jar are signed
  • Type: Bug
  • Component: tools
  • Sub-Component: jar
  • Affected Version: 6u26
  • Priority: P4
  • Status: Resolved
  • Resolution: Cannot Reproduce
  • OS: linux
  • CPU: x86
  • Submitted: 2011-09-28
  • Updated: 2022-08-08
  • Resolved: 2022-08-08
Description
FULL PRODUCT VERSION :


ADDITIONAL OS VERSION INFORMATION :
(not really relevant) 2.6.35.14-96.fc14.x86_64

A DESCRIPTION OF THE PROBLEM :
Additional details are at
https://bugzilla.redhat.com/show_bug.cgi?id=738814
where it is suggested that I file a bug report here.
The original issue was that an old jarsigner failed to sign the supposedly optional INDEX.LIST file
and this causes all of the other contents of the jar to be rejected.  Given that the individual files are signed, I don't understand why they are not trusted and used.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
regression: I believe this does work in older versions of java


REPRODUCIBILITY :
This bug can be reproduced always.
Comments
There is not enough information here or in the bug report to fully understand or reproduce the issue. Also the associated application was using a 3rd-party jnlp implementation, which might have been relevant. Closing as not reproducible.
08-08-2022
[~mullan] Is there anything to do here?
06-08-2022