FULL PRODUCT VERSION :
java version "1.8.0-ea"
Java(TM) SE Runtime Environment (build 1.8.0-ea-b121)
Java HotSpot(TM) 64-Bit Server VM (build 25.0-b63, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Linux tc 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013 x86_64 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
In Apache maven-jarsigner-plugin we got a regression around the jarsigner -verify command applied to an unsigned jar.

With jdk 1.7.0_45:
$> jarsigner -verify tampered.jar
jarsigner: java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
Exit code is 1.

With jdk 1.8.0:
$> jarsigner -verify tampered.jar
jar is unsigned. (signatures missing or not parsable)
Exit code is 0.

REGRESSION. Last worked in version 7u45

ADDITIONAL REGRESSION INFORMATION:
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try on a badly signed jar:
svn co http://svn.apache.org/repos/asf/maven/plugins/trunk/maven-jarsigner-plugin/src/it/verify-fail/tampered.jar
run on it
jarsigner -verify tampered.jar
or
Get the maven-jarsigner-plugin and execute the verify-fail IT
svn co http://svn.apache.org/repos/asf/maven/plugins/trunk/maven-jarsigner-plugin
cd maven-jarsigner-plugin
mvn verify -Prun-its -Dinvoker.pom=src/it/verify-fail/pom.xml

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Exit code = 1
ACTUAL -
Exit code = 0

REPRODUCIBILITY :
This bug can be reproduced always.
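
A defensive check for the behaviour reported above, as an added example that is not part of the original report or of maven-jarsigner-plugin: it accepts a jarsigner -verify run only when the exit code is 0 and the output carries the tool's "jar verified" message, so the JDK 8 result shown above (exit code 0 with "jar is unsigned") is rejected. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the report.

# Decide whether one `jarsigner -verify` run proves the jar is signed and intact.
#   $1 = jarsigner exit code, $2 = its captured stdout+stderr
# Returns 0 only for a positively verified jar, 1 for everything else.
jarsigner_result_ok() {
    rc=$1
    out=$2
    # Non-zero exit: verification failed outright (the JDK 7 case in the report).
    [ "$rc" -eq 0 ] || return 1
    # Exit 0 but reported as unsigned (the JDK 8 case in the report): reject.
    case $out in
        *"jar is unsigned"*) return 1 ;;
    esac
    # Require the positive success message instead of the mere absence of errors.
    case $out in
        *"jar verified"*) return 0 ;;
    esac
    return 1
}

# Run jarsigner on a jar and apply the check above. Needs jarsigner on PATH.
verify_signed_jar() {
    jar=$1
    # Capture the exit code without tripping `set -e` in the calling script.
    out=$(jarsigner -verify "$jar" 2>&1) && rc=0 || rc=$?
    if jarsigner_result_ok "$rc" "$out"; then
        return 0
    fi
    printf 'REJECTED %s (exit code %s): %s\n' "$jar" "$rc" "$out" >&2
    return 1
}
```

In a build or release step, call verify_signed_jar with the path of the jar and fail the step on a non-zero return.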