Looks good. - Alexey On 4/4/2020 8:53 AM, Andy Herrick wrote:
I think it best to modify these checks as part of a separate issue, and leave these checks disabled as part of JDK-8237490. I have filed JDK-8242155 to enhance these tests, including restoring these checks.
/ANdy
On 4/3/2020 7:29 PM, Alexander Matveev wrote:
Hi Andy,
http://cr.openjdk.java.net/~herrick/8237490/webrev.07/test/jdk/tools/jpackag...
Maybe better to check for Catalina case as well, instead of disabling check. We can assume that on Catalina code 3 and not notarized will consider as pass. In case if it fails for some other reasons.
Otherwise looks fine.
Thanks, Alexander
On 4/3/20 7:20 AM, Andy Herrick wrote:
sorry missing webrev pointer [4]
[4] - http://cr.openjdk.java.net/~herrick/8237490/webrev.07
/Andy
On 4/3/2020 9:24 AM, Andy Herrick wrote:
please review this revised webrev [4] to issue [2]
The previous version generated a signed app that could be notarized, but then couldn't run because signing the whole app resigned the executable with reduced entitlements.
This revision adds back in the entitlements when signing the whole app, as well as fixing the unit test that was failing the spctl call on Catalina due to signed app not being notarized.
/Andy
On 3/30/2020 1:19 PM, Andy Herrick wrote:
revised with minor fixes as per below - webrev at [3]
[3] http://cr.openjdk.java.net/~herrick/8237490/webrev.06/
/Andy
On 3/28/2020 9:43 AM, Andy Herrick wrote:
On 3/27/2020 5:18 PM, Alexander Matveev wrote: > Hi Andy, > > http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpac... > > Line 819,857,902 - Looks like temp debug log message. Remove it > or align with rest of code. I will fix this. > http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpac... > > Line 70 - Capital F. and this > > Since we added "--timestamp" and "--options runtime" to > codesign, will it work with older Xcode and macOS we planning to > support? not sure - may need some discussion of what we support and possible conditional code here. > > Do we need any adjustments to signing tests we have?
The existing tests pass, but this is not unexpected (and really means nothing) since the signing tests are all skipped unless specific test certs are installed on target machine.
We need further discussion how one is expected to provision a machine to run these tests.
/Andy
> > Otherwise looks fine. > > Thanks, > Alexander > > On 3/27/20 12:35 PM, Andy Herrick wrote: >> Please review the fix to issue [1] at [2]. >> >> This change enables notarization on Mac for dmg images and >> app-image zip files. >> >> /Andy >> >> [1]: https://bugs.openjdk.java.net/browse/JDK-8237490 >> >> [2]: http://cr.openjdk.java.net/~herrick/8237490 >> >