RFR: JDK-8237490: [macos] Add support notarizing jpackage app-image and dmg

Andy Herrick andy.herrick at oracle.com
Fri Apr 3 13:24:56 UTC 2020


Please review this revised webrev [4] to issue [2].

The previous version generated a signed app that could be notarized, but 
then couldn't run because signing the whole app re-signed the executable 
with reduced entitlements.

This revision adds back in the entitlements when signing the whole app, 
as well as fixing the unit test that was failing the spctl call on 
Catalina due to the signed app not being notarized.


/Andy

On 3/30/2020 1:19 PM, Andy Herrick wrote:
> revised with minor fixes as per below - webrev at [3]
>
> [3] http://cr.openjdk.java.net/~herrick/8237490/webrev.06/
>
> /Andy
>
> On 3/28/2020 9:43 AM, Andy Herrick wrote:
>>
>> On 3/27/2020 5:18 PM, Alexander Matveev wrote:
>>> Hi Andy,
>>>
>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java.frames.html 
>>>
>>> Line 819,857,902 - Looks like temp debug log message. Remove it or 
>>> align with rest of code.
>> I will fix this.
>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/resources/MacResources.properties.frames.html 
>>>
>>> Line 70 - Capital F.
>> and this
>>>
>>> Since we added "--timestamp" and "--options runtime" to codesign, 
>>> will it work with older Xcode and macOS we are planning to support?
>> not sure - may need some discussion of what we support and possible 
>> conditional code here.
>>>
>>> Do we need any adjustments to signing tests we have?
>>
>> The existing tests pass, but this is not unexpected (and really means 
>> nothing) since the signing tests are all skipped unless specific test 
>> certs are installed on target machine.
>>
>> We need further discussion of how one is expected to provision a machine 
>> to run these tests.
>>
>> /Andy
>>
>>>
>>> Otherwise looks fine.
>>>
>>> Thanks,
>>> Alexander
>>>
>>> On 3/27/20 12:35 PM, Andy Herrick wrote:
>>>> Please review the fix to issue [1] at [2].
>>>>
>>>> This change enables notarization on Mac for dmg images and 
>>>> app-image zip files.
>>>>
>>>> /Andy
>>>>
>>>> [1]: https://bugs.openjdk.java.net/browse/JDK-8237490
>>>>
>>>> [2]: http://cr.openjdk.java.net/~herrick/8237490
>>>>
>>>

