RFR: 8293550: Optionally add get-task-allow entitlement to macos binaries [v3]

Erik Joelsson erikj at openjdk.org
Thu Sep 15 17:31:42 UTC 2022


On Thu, 15 Sep 2022 16:50:29 GMT, Magnus Ihse Bursie <ihse at openjdk.org> wrote:

>> Erik Joelsson has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Reworked doc text
>
> doc/building.md line 908:
> 
>> 906: chosen if it works. If nothing works, the codesign step is skipped. Note that on
>> 907: `aarch64`, the Xcode linker will always perform a default `adhoc` signing
>> 908: without any entitlements, causing attaching and core dumps not to work.
> 
> I'm getting conflicting messages, both from this text and the PR description, with what is reported in the comments to this PR (and the reason for this PR at all, I assume).
> 
> Here and elsewhere it sounds like Xcode will always make `adhoc` signing *without any entitlements* on aarch64. If that is done unconditionally, then this fix cannot possibly work on aarch64?
> 
> I *think* what you mean is that *if no signing is provided*, on x64, Xlink just skips signing, but on aarch64, it will create an adhoc signing without any entitlements. But if signing is provided, on both x64 and aarch64 that will be used instead.
> 
> If my understanding is correct, then I think this message needs updating. In fact, since we now add signing with entitlements, maybe we don't need to talk at all about what happens if we happen to build without them, and can just remove the last sentence?

Technically, on aarch64, we overwrite the default linker signing using codesign (using the -f (force) flag). I just wanted to include something that warned of the consequences of not letting the build perform the "debug" mode codesign option.

-------------

PR: https://git.openjdk.org/jdk/pull/10275


