[jdk19] RFR: 8289030: [macos] app image signature invalid when creating DMG or PKG

Alexey Semenyuk asemenyuk at openjdk.org
Fri Jul 1 19:34:41 UTC 2022


On Wed, 29 Jun 2022 03:03:15 GMT, Alexander Matveev <almatvee at openjdk.org> wrote:

> Fixed 3 issues which made signature invalid:
> - We should not remove .jpackage.xml from signed app image when creating DMG or PKG otherwise it invalidates signature.
> - .package should be created when app image is generated, so this file can be signed.
> - Copying predefine app image for DMG and PKG should not follow symbolic links, otherwise several files from runtime (COPYRIGHT and LICENSE) will be copied instead of symbolic links being created, since it invalidates signature as well.
> 
> Added additional test to validate signature when DMG or PKG is generated from predefined app image.

src/jdk.jpackage/share/classes/jdk/jpackage/internal/AbstractAppImageBuilder.java line 83:

> 81:         if (Platform.isMac()) {
> 82:             new PackageFile(APP_NAME.fetchFrom(params)).save(
> 83:                     ApplicationLayout.macAppImage().resolveAt(root));

If `.package` file is created in every app image, then this will result in app launchers of not installed apps attempting to read .cfg files from user home directory.
The bigger issue on mac is that we can't modify app images after they are signed. We need a generic solution to the problem.

-------------

PR: https://git.openjdk.org/jdk19/pull/89


More information about the core-libs-dev mailing list