Submitter uses jarsigner to sign zip files. Below is the sample of final signing
command which use for signing.
jarsigner -J-Xmx1024m -keystore /path/to/java.keystore -keypass ***
-storepass *** -tsa timeStampUrl -signedjar SignFileLocation()
UploadFileLocation() --- zip file to be signed, files inside zip(After extracting) has permissions rwxr-xr-x
SignFileLocation() --- signed zip file, files inside zip(After extracting ) has permissions rw-r--r--
jarsigner is changing the file permissions as per the above finding.
This bug is affecting the release of patches and we could not find a
straightforward solution. We can sign via openssl, but that creates
additional files that make the installation of the patch incompatible with
current machinery and it would not be backward compatible either.