Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8281234: The -protected option is not always checked in keytool and jarsigner #3163

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

GoeLin
Copy link
Member

@GoeLin GoeLin commented Dec 22, 2024

I would like to fix this issue in 17. I think it's important to get this feature rigtht.

I had to work around missing "8281175: Add a -providerPath option to jarsigner" in the test, else the patch would be clean.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8281234 needs maintainer approval

Issue

  • JDK-8281234: The -protected option is not always checked in keytool and jarsigner (Bug - P3 - Requested)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/3163/head:pull/3163
$ git checkout pull/3163

Update a local copy of the PR:
$ git checkout pull/3163
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/3163/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 3163

View PR using the GUI difftool:
$ git pr show -t 3163

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/3163.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Dec 22, 2024

👋 Welcome back goetz! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Dec 22, 2024

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk bot changed the title Backport fc918a73d0dcc28146e60f15e978209424a32576 8281234: The -protected option is not always checked in keytool and jarsigner Dec 22, 2024
@openjdk
Copy link

openjdk bot commented Dec 22, 2024

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport rfr Pull request is ready for review labels Dec 22, 2024
@mlbridge
Copy link

mlbridge bot commented Dec 22, 2024

Webrevs

-J--add-exports -Jjava.base/sun.security.tools.keytool=ALL-UNNAMED
-J--add-exports -Jjava.base/sun.security.x509=ALL-UNNAMED
-providerClass AutoKeyStore$AutoProvider
-providerPath $test.classes
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You changed the code below due to missing "8281175: Add a -providerPath option to jarsigner", but here, there is still "-providerPath".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code above calls keytool which supports the argument. jarsigner does not. For jarsigner it was added by above mentioned change.

test/lib/jdk/test/lib/SecurityTools.java Show resolved Hide resolved
@GoeLin
Copy link
Member Author

GoeLin commented Dec 27, 2024

This parses the -J$java.classes I added above. It replaces it by -J/path/to/jtreg/workdir/classes/0/sun/security/tools/jarsigner/AutoKeyStore.d

I think this is a bit of exagerated gymnastics to be able to use plain """ strings in the test. But as the original test introduced this $test.classes syntax I thought I better keep it that way.

I coudl add to the docu above that it now supports {https://github.com/code -J$sysProp}.

@TheRealMDoerr
Copy link
Contributor

TheRealMDoerr commented Dec 27, 2024

I think this is ok. Yes, adding it the the docu would be nice.

Copy link
Contributor

@TheRealMDoerr TheRealMDoerr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@openjdk
Copy link

openjdk bot commented Dec 30, 2024

⚠️ @GoeLin This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

@openjdk openjdk bot added the approval label Dec 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approval backport rfr Pull request is ready for review
Development

Successfully merging this pull request may close these issues.

2 participants