harmony-dev mailing list archives

From Geir Magnusson Jr <g...@pobox.com>
Subject Re: FYI missing mail
Date Thu, 09 Feb 2006 18:43:51 GMT


Tim Ellison wrote:
> George Harley wrote:
> <snip>
>> The post I want to refer to does not seem to be in the
>> mailing list archive (!!??!)
> 
> I don't remember you saying that (and I would have remembered such an
> eloquent and considered post ;-) )

I didn't get it either, and as George said, it's not in the archive.

If anyone got it, can you let us know here (and once someone says they 
got it, everyone else stop telling us - we just need to know if anyone 
got it...)

geir

> 
> I still have mail that far back in my reader, and it looks like I didn't
> get it either.  Maybe it never hit the list.
> 
> p.s. +1 to the comment BTW
> 
> Regards,
> Tim
> 
>> so let me copy the relevant text in-line
>> here as I believe that what it says is important :
>>
>> --- snip from dev-list append of 1st Feb 2006 by
>> george.c.harley@googlemail.com ---
>>
>> Just to clarify your clarification of the question of current Harmony
>> behaviour ...
>>
>> (A) With the current Harmony build it looks like there is *no attempt*
>> to verify the signature of a signed jar file that has been placed on the
>> bootclasspath. I know this because I took a signed BC provider jar (as
>> downloaded from http://www.bouncycastle.org), deliberately tampered with
>> the .SF file in the META-INF folder by removing a few lines, then added
>> the modified jar to the bootclasspath of a simple program that listed
>> the algorithms supported by the BC provider. Everything worked fine.
>>
>> (B) With the current Harmony build it looks like an attempt is made at
>> verifying the signature of a signed jar in the jre/lib/ext directory.
>> The attempt fails because it involves trying to use functionality
>> exported by the jar currently being verified and so opens up a whole
>> problem with cycles.
>> To my mind, (B) is a definite bug that would be fixed by having a
>> default Harmony provider. The result of my little bit of playing with
>> (A) just reinforces the argument that relying on the bootclasspath to
>> load your third party providers is not er ... secure.
>>
>>
>> --- end of snip from dev-list append of 1st Feb 2006 by
>> george.c.harley@googlemail.com ---
>>
>>
>> Best regards,
>> George
>> IBM UK
>>
>>
>> Geir Magnusson Jr wrote:
>>>
>>> Tim Ellison wrote:
>>>> Arghhh!
>>>>
>>>> make it stop
>>>>
>>>>> From below:
>>>>  -Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}
>>>>
>>>>
>>>> putting the CLASSPATH onto the bootclasspath.  What are you smokin' ?!
>>> That was the patch :)
>>>
>>> All that really is supposed to do is get junit and bcprov there.  I'll
>>> move.
>>>
>>> geir
>>>
>>>>
>>>> [ I know you are fixing this stuff, but I needed to vent ]
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: svn commit: r376144 -
>>>> /incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
>>>>
>>>> Date: Thu, 09 Feb 2006 01:44:21 -0000
>>>> From: geirm@apache.org
>>>> Reply-To: harmony-dev@incubator.apache.org
>>>> To: harmony-commits@incubator.apache.org
>>>>
>>>> Author: geirm
>>>> Date: Wed Feb  8 17:44:19 2006
>>>> New Revision: 376144
>>>>
>>>> URL: http://svn.apache.org/viewcvs?rev=376144&view=rev
>>>> Log:
>>>> put the bootclasspath stuff back for classlib tests
>>>> because as I'm renaming some tests, it appears that
>>>> when things reordered, tests broke.  On a lark, I put
>>>> it back, and things work.  Scary.
>>>>
>>>> Will investigate further, but wanted to fix so tests run
>>>>
>>>> Also, changed one of the exclusion lists due to renaming.
>>>>
>>>>
>>>> Modified:
>>>>
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
>>>>
>>>>
>>>> Modified:
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
>>>>
>>>> URL:
>>>> http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml?rev=376144&r1=376143&r2=376144&view=diff
>>>>
>>>> ==============================================================================
>>>>
>>>> ---
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
>>>>
>>>> (original)
>>>> +++
>>>> incubator/harmony/enhanced/classlib/trunk/modules/security2/make/build.xml
>>>>
>>>> Wed Feb  8 17:44:19 2006
>>>> @@ -499,6 +499,8 @@
>>>>              <env key="JAVA_HOME" value="${vm.home}"/>
>>>>
>>>>              <!-- to pick up junit.jar and bouncycastle.jar -->
>>>> +            <jvmarg
>>>> value="-Xbootclasspath/p:${build.jars.path}/crypto.jar${path.separator}${build.jars.path}/x_net.jar"/>
>>>>
>>>> +
>>>>              <jvmarg
>>>> value="-Xbootclasspath/a:${build.path}/tests${path.separator}${env.CLASSPATH}"/>
>>>>
>>>>
>>>>              <jvmarg
>>>> value="-Djava.security.properties==${build.lib.path}/security/java.security"/>
>>>>
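Review bot: The added -Xbootclasspath/p: jvmarg sits directly under the comment "to pick up junit.jar and bouncycastle.jar", but it prepends crypto.jar and x_net.jar, so the comment no longer describes the line that follows it. Give the new line its own comment saying why those two jars have to come first on the boot class path (the log only says tests broke when things were reordered), and keep the junit/bouncycastle comment directly above the -Xbootclasspath/a: line. That unchanged /a: line still appends all of ${env.CLASSPATH} to the boot class path; if only junit and bcprov are needed there, list those jars explicitly, since observation (A) quoted earlier in this thread reports that no signature check is attempted for jars loaded from the bootclasspath.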
>>>> @@ -518,7 +520,7 @@
>>>>                      <exclude
>>>> name="org/apache/harmony/security/test/**"/>
>>>>                                          <!-- Harmony exclude list -->
>>>> -                    <exclude
>>>> name="java/security/AlgorithmParameterGeneratorTest1.java"/>
>>>> +                    <exclude
>>>> name="java/security/AlgorithmParameterGenerator1Test.java"/>
>>>>                      <exclude name="java/security/KSBuilderTest.java"/>
>>>>                      <exclude
>>>> name="java/security/KeyPairGeneratorTest1.java"/>
>>>>                      <exclude
>>>> name="java/security/KeyPairGeneratorTest3.java"/>
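Review bot: The exclude for AlgorithmParameterGenerator1Test.java is updated to the new name, but the neighbouring entries (KeyPairGeneratorTest1.java, KeyPairGeneratorTest3.java) still follow the old ...TestN.java pattern. These excludes match by file name, so an entry that falls out of step with a rename stops excluding anything and the test runs again without notice. Confirm whether those tests are being renamed as well and update their entries in the same commit, or record next to the "Harmony exclude list" comment which names are still pending.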
>>>>
>>>>
>>>>
>>>>
>>
> 
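
The check George's point (A) says is skipped for bootclasspath jars, as an added example that is not part of the original thread or of Harmony's code: explicit verification of a signed jar with the standard java.util.jar API before it is trusted. The class name VerifySignedJar and the temporary sample jar are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.security.CodeSigner;
import java.util.Collections;
import java.util.jar.*;

public class VerifySignedJar {
    /** True only if every non-META-INF entry verifies and carries at least one signer. */
    static boolean isFullySigned(Path jarPath) throws IOException {
        // verify=true makes JarFile check entry digests against the signed manifest.
        try (JarFile jar = new JarFile(jarPath.toFile(), true)) {
            byte[] buf = new byte[8192];
            boolean sawSignedEntry = false;
            for (JarEntry entry : Collections.list(jar.entries())) {
                // Signature files live under META-INF/ and are not signed themselves.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) {
                    continue;
                }
                // Signer information is only available once the entry has been read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                } catch (SecurityException digestMismatch) {
                    return false; // content does not match the signed digest
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) {
                    return false; // entry is not covered by any valid signature
                }
                sawSignedEntry = true;
            }
            return sawSignedEntry; // a jar with no signed entries is not trusted either
        }
    }

    public static void main(String[] args) throws IOException {
        Path target;
        if (args.length > 0) {
            target = Paths.get(args[0]);
        } else {
            // Constructed sample: an unsigned jar with one entry, so the check must report false.
            target = Files.createTempFile("unsigned-sample", ".jar");
            try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(target))) {
                out.putNextEntry(new JarEntry("Sample.class"));
                out.write(new byte[] {1, 2, 3});
                out.closeEntry();
            }
        }
        System.out.println(target + " fully signed: " + isFullySigned(target));
    }
}
```

A true result only shows that the jar is consistently signed by someone; the signer certificates still have to be compared with the one the deployment expects.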
