[jdk19] RFR: 8289030: [macos] app image signature invalid when creating DMG or PKG
Alexey Semenyuk
asemenyuk at openjdk.org
Fri Jul 1 19:39:45 UTC 2022
On Wed, 29 Jun 2022 03:03:15 GMT, Alexander Matveev <almatvee at openjdk.org> wrote:
> Fixed 3 issues which made signature invalid:
> - We should not remove .jpackage.xml from signed app image when creating DMG or PKG otherwise it invalidates signature.
> - .package should be created when app image is generated, so this file can be signed.
> - Copying predefine app image for DMG and PKG should not follow symbolic links, otherwise several files from runtime (COPYRIGHT and LICENSE) will be copied instead of symbolic links being created, since it invalidates signature as well.
>
> Added additional test to validate signature when DMG or PKG is generated from predefined app image.
I think we can do the following for the signed image: don't add the `.package` file. Instead, write a warning saying that because the app image is signed, support for per-user configuration of the installed app will not be working. (https://bugs.openjdk.org/browse/JDK-8287060 refers to per-use configuration)
-------------
PR: https://git.openjdk.org/jdk19/pull/89
More information about the core-libs-dev
mailing list