RFR: JDK-8237490: [macos] Add support notarizing jpackage app-image and dmg

alexander.matveev at oracle.com alexander.matveev at oracle.com
Tue Apr 7 21:57:52 UTC 2020


Hi Andy,

Yes, it is fine to fix test in followup CR.

Thanks,
Alexander


On 4/7/20 5:11 AM, Andy Herrick wrote:
> Alexander:
>
> Can I take it your OK with revising these tests in the followup CR ?
>
> /Andy
>
> On 4/4/20 8:53 AM, Andy Herrick wrote:
>> I think it best to modify these checks as part of a separate issue, 
>> and leave these checks disabled as part of JDK-8237490.  I have filed 
>> JDK-8242155 to enhance these tests, including restoring these checks.
>>
>> /ANdy
>>
>> On 4/3/2020 7:29 PM, Alexander Matveev wrote:
>>> Hi Andy,
>>>
>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.07/test/jdk/tools/jpackage/macosx/base/SigningBase.java.frames.html 
>>>
>>> Maybe better to check for Catalina case as well, instead of 
>>> disabling check. We can assume that on Catalina code 3 and not 
>>> notarized will consider as pass. In case if it fails for some other 
>>> reasons.
>>>
>>> Otherwise looks fine.
>>>
>>> Thanks,
>>> Alexander
>>>
>>> On 4/3/20 7:20 AM, Andy Herrick wrote:
>>>> sorry missing webrev pointer [4]
>>>>
>>>> [4] - http://cr.openjdk.java.net/~herrick/8237490/webrev.07
>>>>
>>>> /Andy
>>>>
>>>> On 4/3/2020 9:24 AM, Andy Herrick wrote:
>>>>> please review this revised webrev [4] to issue [2]
>>>>>
>>>>> The previous version generated a signed app that could be 
>>>>> notarized, but then couldn't run because signing the whole app 
>>>>> resigned the executable with reduced entitlements.
>>>>>
>>>>> This revision adds back in the entitlements when signing the whole 
>>>>> app, as well as fixing the unit test that was failing the spctl 
>>>>> call on Catalina due to signed app not being notarized.
>>>>>
>>>>>
>>>>> /Andy
>>>>>
>>>>> On 3/30/2020 1:19 PM, Andy Herrick wrote:
>>>>>> revised with minor fixes as per below - webrev at [3]
>>>>>>
>>>>>> [3] http://cr.openjdk.java.net/~herrick/8237490/webrev.06/
>>>>>>
>>>>>> /Andy
>>>>>>
>>>>>> On 3/28/2020 9:43 AM, Andy Herrick wrote:
>>>>>>>
>>>>>>> On 3/27/2020 5:18 PM, Alexander Matveev wrote:
>>>>>>>> Hi Andy,
>>>>>>>>
>>>>>>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java.frames.html 
>>>>>>>>
>>>>>>>> Line 819,857,902 - Looks like temp debug log message. Remove it 
>>>>>>>> or align with rest of code.
>>>>>>> I will fix this.
>>>>>>>> http://cr.openjdk.java.net/~herrick/8237490/webrev.05/src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/resources/MacResources.properties.frames.html 
>>>>>>>>
>>>>>>>> Line 70 - Capital F.
>>>>>>> and this
>>>>>>>>
>>>>>>>> Since we added "--timestamp" and  "--options runtime" to 
>>>>>>>> codesign, will it work with older Xcode and macOS we planning 
>>>>>>>> to support?
>>>>>>> not sure - may need some discussion of what we support and 
>>>>>>> possible conditional code here.
>>>>>>>>
>>>>>>>> Do we need any adjustments to signing tests we have?
>>>>>>>
>>>>>>> The existing tests pass, but this is not unexpected (and really 
>>>>>>> means nothing) since the signing tests are all skipped unless 
>>>>>>> specific test certs are installed on target machine.
>>>>>>>
>>>>>>> We need further discussion how one is expected to provision a 
>>>>>>> machine to run these tests.
>>>>>>>
>>>>>>> /Andy
>>>>>>>
>>>>>>>>
>>>>>>>> Otherwise looks fine.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Alexander
>>>>>>>>
>>>>>>>> On 3/27/20 12:35 PM, Andy Herrick wrote:
>>>>>>>>> Please review the fix to issue [1] at [2].
>>>>>>>>>
>>>>>>>>> This change enables notarization on Mac for dmg images and 
>>>>>>>>> app-image zip files.
>>>>>>>>>
>>>>>>>>> /Andy
>>>>>>>>>
>>>>>>>>> [1]: https://bugs.openjdk.java.net/browse/JDK-8237490
>>>>>>>>>
>>>>>>>>> [2]: http://cr.openjdk.java.net/~herrick/8237490
>>>>>>>>>
>>>>>>>>
>>>


More information about the core-libs-dev mailing list