macOS build success but codesign fail on macOS 10.13.5 or older
Junyuan Zheng
Junyuan.Zheng at microsoft.com
Thu Feb 27 20:54:48 UTC 2020
Hi Erik, Magnus,
Thank you for your feedback.
When we considered the user experience we determined that
it would be frustrating to see the build succeed but have the
output binary not signed, forcing the user to go back and check
the log for any warning message. In the end they have to either
sign the output on another machine or rebuild the whole thing.
This is why we decided that fail fast is the better option. If this
represents a departure from user expectations of the build process
then please advise.
Thanks,
Junyuan
From: Erik Joelsson <erik.joelsson at oracle.com>
Sent: Thursday, February 27, 2020 7:07 AM
To: Magnus Ihse Bursie <magnus.ihse.bursie at oracle.com>; Junyuan Zheng <Junyuan.Zheng at microsoft.com>; build-dev at openjdk.java.net <build-dev at openjdk.java.net>
Subject: [EXTERNAL] Re: macOS build success but codesign fail on macOS 10.13.5 or older
On 2020-02-27 06:16, Magnus Ihse Bursie wrote:
> I don't think it should be a fatal error. If you have a codesign
> binary on your path that does not support --option runtime, you should
> still be able to build, but not sign. Change it to a warning, and let
> the user continue without CODESIGN.
>
My interpretation of this patch is that the new check is only performed
if a valid --with-macosx-codesign-identity was provided, so the user has
clearly requested signing to be performed. In that case I agree that it
should error out.
/Erik
More information about the build-dev
mailing list