JDK-6958622 : Regression: Signing pack200-reordered Jar files strips existing MANIFEST.MF
  • Type: Bug
  • Component: tools
  • Sub-Component: jar
  • Affected Version: 6u10
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • CPU: x86
  • Submitted: 2010-06-04
  • Updated: 2012-03-20
  • Resolved: 2010-08-19
Related Reports
Duplicate :  
JDK-6948909 - Jarsigner removes MANIFEST.MF info for badly packages jar's
Description
FULL PRODUCT VERSION :
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)


ADDITIONAL OS VERSION INFORMATION :
Linux bfo 2.6.32-22-generic-pae

A DESCRIPTION OF THE PROBLEM :
Signing a Jar file containing an existing MANIFEST.MF strips the existing content - eg "Main-Class", "Implementation-Version" etc., and replaces it with with the class signatures, rather than appending the class signatures to the existing content.

This doesn't apply to all Jars - I've tested two or three - but a contributing factor seems to be if the Jar has previously been repacked using "pack200".

Note this is a regression: I have tested running "pack200" and "jarsigner" from JVMs 1.6.0_17 to 1.6.0_20 and got the following results:

pack(1.6.0_17) and jarsigner (1.6.0_17) - success
pack(1.6.0_18) and jarsigner (1.6.0_17) - success
pack(1.6.0_19) and jarsigner (1.6.0_17) - success
pack(1.6.0_20) and jarsigner (1.6.0_17) - success
pack(1.6.0_17) and jarsigner (1.6.0_18) - fail
pack(1.6.0_18) and jarsigner (1.6.0_18) - fail

(Any combo with jarsigner from 1.6.0_18, 1.6.0_19 and 1.6.0_20 will fail)

For what it's worth I get the same results in an Apple 1.6.0.20 JVM, and also when using the "SignJar" and "pack200" ant tasks instead of the "jarsigner" and "pack200" tools.


STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Download http://bfo.co.uk/bug.tar.gz - this contains the Jar before packing and a dummy keystore to sign it. Running "test.sh" should, in a successful test, print the line "Main-Class" from the manifest, and in a failing test will print nothing.

Or, if you want the manual steps:

1. pack200 --segment-limit=-1 --effort=9 --repack postpack.jar prepack.jar
2. jarsigner postpack.jar
3. Check the manifest file of the signed jar - it's missing the existing entries from the original manifest.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The original manifest file should be appended to, not replaced.
ACTUAL -
Original manifest is lost

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
See http://bfo.co.uk/misc/bug.tar.gz
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
None. Reverted to 1.6.0_17
Comments
EVALUATION No answer from customer. Close now.
19-08-2010
EVALUATION Looks like a dup of 6948909. I've asked the customer for confirmation.
09-07-2010