Spring/spring-boot
Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2024-08-29 03:06:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
3c62defb9d
spring-boot/spring-boot-project/spring-boot-tools/spring-boot-maven-plugin
History
Phillip Webb 33c5e1269a Write signature files to uber jars to for Oracle Java 17 verification 
Update Gradle and Maven plugins to write an empty `META-INF/BOOT.SF`
file whenever there is a nested signed jar.

This update allows Oracle Java 17 to correctly verify the nested JARs.
The file is required because `JarVerifier` has code roughly equivalent
to:

	if (!jarManifestNameChecked && SharedSecrets
			.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
    	throw new JarException("The JCE Provider " + jarURL.toString() +
    		" is not signed.");
	}

The `SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true)`
call ends up in `ZipFile.getManifestName(onlyIfSignatureRelatedFiles)`
which is a private method that we cannot override in our `NestedJarFile`
subclass. By writing an empty `.SF` file we ensure that the `Manifest`
is always returned because there are always "signature related files".

Fixes gh-28837
2023-10-16 16:19:16 -07:00
..
src Write signature files to uber jars to for Oracle Java 17 verification 2023-10-16 16:19:16 -07:00
build.gradle Merge branch '3.1.x' 2023-08-09 09:25:38 +01:00