Bug ID: JDK-8218021 Have jarsigner preserve posix permission attributes

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 16
11.0.10-oracleFixed	16 b05Fixed

Submitter uses jarsigner to sign zip files. Below is the sample of final signing 
command which use for signing. 

jarsigner -J-Xmx1024m -keystore /path/to/java.keystore -keypass *** 
-storepass *** -tsa timeStampUrl -signedjar SignFileLocation() 
UploadFileLocation() alias 

UploadFileLocation()  --- zip file to be signed, files inside zip(After extracting) has permissions rwxr-xr-x 
SignFileLocation() --- signed zip file, files inside zip(After extracting ) has permissions rw-r--r-- 

jarsigner is changing the file permissions as per the above finding. 

This bug is affecting the release of patches and we could not find a 
straightforward solution. We can sign via openssl, but that creates 
additional files that make the installation of the patch incompatible with 
current machinery and it would not be backward compatible either.

Fix request (11u) Requesting backport of this fix for Oracle 11.0.10 parity. The change needed some adaptation, 11u RFR thread to be found here: https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-November/004118.html
12-11-2020
Thanks [~mullan] - docs sub-task created: JDK-8248807
03-07-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/d886e752a7b0 User: coffeys Date: 2020-07-02 08:21:47 +0000
02-07-2020
[~coffeys] Should we also file a related docs issue to add the warning to https://docs.oracle.com/en/java/javase/14/docs/specs/man/jarsigner.html#informational-warnings ? This may also be a good place to add a link to additional information about POSIX file permissions in case users are wondering what this warning means -- perhaps the POSIX file attributes section of the jdk.zipfs module is the best place: https://download.java.net/java/early_access/jdk15/docs/api/jdk.zipfs/module-summary.html.
01-07-2020
During CSR review, a new request to have jarsigner preserve such attributes by default was requested. Will make this default behaviour for jarsigner. During the verify operation, jarsigner could also display warnings about non-use of such attributes during verification process.
29-06-2020
For zip files, we should examine this special case where external file attributes field is already populated in the central directory for each zip entry. Perhaps we can preserve that value when signing zip files.
03-10-2019
Is it possible that you could "double zip" your deliverable ? That way, your internal zip (the real deliverable) is untouched by jarsigner and the contents are still verified by jarsigner. A sample artifact might look like the following: unzip -l doublezip.zip Archive: doublezip.zip Length Date Time Name --------- ---------- ----- ---- 150 2019-08-14 16:14 META-INF/MANIFEST.MF 312 2019-08-14 16:14 META-INF/SEANKEY.SF 1310 2019-08-14 16:14 META-INF/SEANKEY.RSA 164297 2019-08-14 16:13 aug14.zip --------- ------- 166069 4 files where "aug14.zip" is the product that you're interested in.
15-08-2019

CSR :	JDK-8247499 - Have jarsigner preserve posix permission attributes
Relates :	JDK-8250968 - Symlinks attributes not preserved when using jarsigner on zip files
Relates :	JDK-8321274 - Rename ZipEntry.extraAttributes to ZipEntry.externalAttributes
Relates :	JDK-8256202 - Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest

JDK-8248263 :	Release Note: jarsigner Preserves POSIX File Permission and symlink Attributes - Closed
JDK-8248807 :	Update jarsigner docs - Resolved