RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
Alexander Matveev
almatvee at openjdk.java.net
Wed Aug 4 21:01:29 UTC 2021
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick <herrick at openjdk.org> wrote:
> 8271868: Warn user when using mac-sign option with unsigned app-image.
Changes requested by almatvee (Reviewer).
src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java line 877:
> 875: try {
> 876: IOUtils.exec(new ProcessBuilder("/usr/bin/codesign",
> 877: "--verify", file.toString()));
--deep should be added, so check is run on nested frameworks and helpers.
src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java line 142:
> 140: // is not allready signed.
> 141: Path launcher = applicationImage.resolve("Contents/MacOS")
> 142: .resolve(APP_NAME.fetchFrom(params));
As far as I remember launcher can be signed, but entire app image might not be signed. So, in this case check will pass, but notarization will fail. I think we should run check on app image itself.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5004
More information about the core-libs-dev
mailing list