[External] : Re: RFR: 8313904: [macos] All signing tests which verifies unsigned app images are failing
Michael Hall
mik3hall at gmail.com
Fri Aug 11 20:56:35 UTC 2023
> On Aug 11, 2023, at 3:55 PM, Alexander Matveev <alexander.matveev at oracle.com> wrote:
>
> Hi Michael,
>
>> On Aug 10, 2023, at 10:48 PM, Michael Hall <mik3hall at gmail.com <mailto:mik3hall at gmail.com>> wrote:
>>
>>
>>>>
>>>> I assume done with jpackage by indicating something like —mac-sign only? If wrong feel free to correct.
>>>
>>> No, it is always done if —mac-sign is NOT specified and we doing ad-hoc signing on app bundle only. PKG will not be ad-hoc signed.
>>> If —mac-sign is provided we will use certificate provided with —mac-sign to sign app image and PKG as before.
>>>
>>> Thanks,
>>> Alexander
>>
>> I always do dmg or app-image for quick testing. I haven’t done any pkg yet.
>>
>> So if I understand correctly now for app bundle types - dmg or app-image, some signing is always done. Certificate if signing is indicated and it is provided or adhoc if it isn’t indicated as a default. I didn’t know this.
>
> Yes, but ad-hoc signing was introduced back in JDK 20 with https://bugs.openjdk.org/browse/JDK-8298488 for macOS x64 and in JDK 19 with https://bugs.openjdk.org/browse/JDK-8277493 for macOS aarch64. We do ad-hoc signing for app images when generating PKG as well, so it is for all targets and not only for app-image or dmg.
>
> Thanks,
> Alexander
Ok, thanks again
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20230811/9b4a9239/attachment-0001.htm>
More information about the core-libs-dev
mailing list