fuhouyin/spring-boot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
spring-boot/spring-boot-project/spring-boot-tools/spring-boot-maven-plugin
History
Phillip Webb 33c5e1269a Write signature files to uber jars to for Oracle Java 17 verification 
Update Gradle and Maven plugins to write an empty `META-INF/BOOT.SF`
file whenever there is a nested signed jar.

This update allows Oracle Java 17 to correctly verify the nested JARs.
The file is required because `JarVerifier` has code roughly equivalent
to:

	if (!jarManifestNameChecked && SharedSecrets
			.getJavaUtilZipFileAccess().getManifestName(jf, true) == null) {
    	throw new JarException("The JCE Provider " + jarURL.toString() +
    		" is not signed.");
	}

The `SharedSecrets.getJavaUtilZipFileAccess().getManifestName(jf, true)`
call ends up in `ZipFile.getManifestName(onlyIfSignatureRelatedFiles)`
which is a private method that we cannot override in our `NestedJarFile`
subclass. By writing an empty `.SF` file we ensure that the `Manifest`
is always returned because there are always "signature related files".

Fixes gh-28837
2023-10-16 16:19:16 -07:00
..
src
Write signature files to uber jars to for Oracle Java 17 verification
2023-10-16 16:19:16 -07:00
build.gradle
Merge branch '3.1.x'
2023-08-09 09:25:38 +01:00