Comments on jpackage (JEP 343)

[Alexey Semenyuk]

On 10/2/2019 12:33 PM, Sverre Moe wrote:
> ons. 2. okt. 2019 kl. 16:07 skrev Alexey Semenyuk 
> <alexey.semenyuk at oracle.com <mailto:alexey.semenyuk at oracle.com>>:
>
>     Hi Sverre,
>
>     Thank you for doing this research. I don't think we should complicate
>     jpackage by adding signing steps in it.
>     However we can add a call to custom script after msi is
>     constructed but
>     before it get embedded in exe installer.
>     This script can sign msi.
>
>     We already support call of custom script from resource dir before
>     building msi. Just need to add another call.
>
>     - Alexey
>
> I can certainly use the custom application-post-image.wsf to sign the 
> application image executable. However I don't think it would be easy 
> considering that this executable is left read-only by jpackage.
I didn't mean to sign application image executable. This opportunity is 
already available.
I meant we can add to jpackage functionality to call custom script after 
msi is created but before it get embedded in exe installer.
Exe installer produced by jpackage is just a container for msi 
installer. Before msi will be put in the container there will be an 
opportunity to modify (sign) the msi.
Currently the steps to create exe installer are:
1.1 Create app image
1.2 Call application-post-image.wsf if available
2. Create msi from app image
3. Create exe from msi

It will be changed to:
1.1 Create app image
1.2 Call application-post-image.wsf if available
2.1 Create msi from app image
2.2 Call application-post-msi.wsf if available
3. Create exe from msi

- Alexey

>
> When it comes to signing the MSI and EXE installers, that can be done 
> after running jpackage with a Gradle Exec task.
>
> /Sverre