RFR: JDK-8237490: [macos] Add support notarizing jpackage app-image and dmg

Andy Herrick andy.herrick at oracle.com
Fri Apr 3 14:20:21 UTC 2020


Sorry, missing webrev pointer [4]

[4] - http://cr.openjdk.java.net/~herrick/8237490/webrev.07

/Andy

On 4/3/2020 9:24 AM, Andy Herrick wrote:
> please review this revised webrev [4] to issue [2]
>
> The previous version generated a signed app that could be notarized, 
> but then couldn't run because signing the whole app resigned the 
> executable with reduced entitlements.
>
> This revision adds back in the entitlements when signing the whole 
> app, as well as fixing the unit test that was failing the spctl call 
> on Catalina due to the signed app not being notarized.
>
>
> /Andy
>
> On 3/30/2020 1:19 PM, Andy Herrick wrote:
>> revised with minor fixes as per below - webrev at [3]
>>
>> [3] http://cr.openjdk.java.net/~herrick/8237490/webrev.06/
>>
>> /Andy
>>
>> On 3/28/2020 9:43 AM, Andy Herrick wrote:
>>>
>>> On 3/27/2020 5:18 PM, Alexander Matveev wrote:
>>>> Hi Andy,
>>>>
>>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java.frames.html 
>>>>
>>>> Line 819,857,902 - Looks like temp debug log message. Remove it or 
>>>> align with rest of code.
>>> I will fix this.
>>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/resources/MacResources.properties.frames.html 
>>>>
>>>> Line 70 - Capital F.
>>> and this
>>>>
>>>> Since we added "--timestamp" and "--options runtime" to codesign, 
>>>> will it work with older Xcode and macOS we are planning to support?
>>> not sure - may need some discussion of what we support and possible 
>>> conditional code here.
>>>>
>>>> Do we need any adjustments to signing tests we have?
>>>
>>> The existing tests pass, but this is not unexpected (and really 
>>> means nothing) since the signing tests are all skipped unless 
>>> specific test certs are installed on target machine.
>>>
>>> We need further discussion of how one is expected to provision a 
>>> machine to run these tests.
>>>
>>> /Andy
>>>
>>>>
>>>> Otherwise looks fine.
>>>>
>>>> Thanks,
>>>> Alexander
>>>>
>>>> On 3/27/20 12:35 PM, Andy Herrick wrote:
>>>>> Please review the fix to issue [1] at [2].
>>>>>
>>>>> This change enables notarization on Mac for dmg images and 
>>>>> app-image zip files.
>>>>>
>>>>> /Andy
>>>>>
>>>>> [1]: https://bugs.openjdk.java.net/browse/JDK-8237490
>>>>>
>>>>> [2]: http://cr.openjdk.java.net/~herrick/8237490
>>>>>
>>>>

