Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #21477

Re: really odd problem with jar signing

From Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at>
Newsgroups comp.lang.java.programmer
Subject Re: really odd problem with jar signing
Date 2013-01-17 15:16 +0000
Organization A noiseless patient Spider
Message-ID <slrnkfg5f6.u9l.avl@gamma.logic.tuwien.ac.at> (permalink)
References (1 earlier) <2rk0f8lcv6bffevd65cjbj0i1kqao5t9f8@4ax.com> <slrnkf0n70.u9l.avl@gamma.logic.tuwien.ac.at> <spjs8y8djozt$.1vgjg2hvl7eif.dlg@40tude.net> <slrnkfcro5.u9l.avl@gamma.logic.tuwien.ac.at> <o01ff8hr01ekuo0vhrp6619ruv3lht6plm@4ax.com>

Show all headers | View raw

Roedy Green <see_website@mindprod.com.invalid> wrote:
> On Wed, 16 Jan 2013 09:12:37 +0000 (UTC), Andreas Leitgeb wrote:
>> I finally did that, and I could *not* reproduce it with my
>> self-signed cert.
> An idea.  Look at the expiry/issue date of your cert.  Look at the
> date of the recalcitrant member.

Finally I got the result for my last experiment (a modified version
of the original jar file where the recalcitrant member was copied
to same basename in another folder and to a different name in same
folder plus a different file copied onto the recalcitrant's name).

Once again, just that same one pathname was ignored. That means,
whatever triggers this specific ignoring, doesn't go for plain
filename attributes, timestamps or contents, but for the complete
path name inside the zip-file.
Perhaps it's internally taking some hash of the full pathname, and 
suffers from a collision or in-band special value of that. Murphy...

I also got some extra information this time. The signing happens on
a machine I have (user-)access to (I had always assumed it would be 
on signer's personal PC), and so I copied the keystore with my own
self-signed certificate to that machine, and signed that last version
of the jar file with my self-signed certificate, and again that single
file didn't show up in MANIFEST.MF.

So, I guess I cornered it to a problem in the particular version of
jarsigner on that machine (it is part of a jdk1.5.0_17 installation
on Solaris). Ok, I know, that's ages old and no longer supported...

The next step will be suggesting them to do the signing on a different
machine with a newer java installation, and I hope that will solve
the actual problem (namely that we simply need a completely signed
jar file, no matter where it is actually created).

PS:
Just out of curiosity, I'd like to read, if the specified symptom in
connection with java 1.5 now rings bells of recognition for anyone here.

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-11 13:38 +0000
  Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 08:45 -0800
    Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-11 17:39 +0000
      Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 14:02 -0800
        Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 14:14 -0800
          Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-13 16:44 +0000
            Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-13 20:08 -0800
              Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-14 09:59 +0000
              Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-14 12:30 +0000
                Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-14 15:10 -0800
                Re: really odd problem with jar signing Gene Wirchenko <genew@telus.net> - 2013-01-14 16:16 -0800
                Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-15 09:42 +0000
  Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-11 10:01 -0800
    Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-11 18:41 +0000
      Re: really odd problem with jar signing Joerg Meier <joergmmeier@arcor.de> - 2013-01-13 10:49 +0100
        Re: really odd problem with jar signing Lars Enderin <lars.enderin@telia.com> - 2013-01-13 11:35 +0100
        Re: really odd problem with jar signing Arne Vajhøj <arne@vajhoej.dk> - 2013-01-13 22:56 -0500
        Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-16 09:12 +0000
          Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-16 20:58 -0800
            Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-17 15:16 +0000
              Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-17 14:36 -0800
                Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-18 15:24 +0000
                Re: really odd problem with jar signing Roedy Green <see_website@mindprod.com.invalid> - 2013-01-18 23:32 -0800
                Re: really odd problem with jar signing Andreas Leitgeb <avl@gamma.logic.tuwien.ac.at> - 2013-01-24 12:46 +0000

csiph-web