RFR: 8311877: [macos] Add CLI options to provide signing identity directly to codesign and productbuild [v3]
Alexander Matveev
almatvee at openjdk.org
Fri Oct 20 04:26:38 UTC 2023
On Fri, 20 Oct 2023 04:23:22 GMT, Alexander Matveev <almatvee at openjdk.org> wrote:
>> - Added `--mac-app-image-sign-identity` and `--mac-installer-sign-identity` CLI options to jpackage to provide signing identity directly to `codesign` and `productbuild` tools as per CSR [JDK-8316631](https://bugs.openjdk.org/browse/JDK-8316631).
>> - If `codesign` or `productbuild` fails, then output of these tools will be printed to stdout to help user diagnose issues with signing using new options. Examples with sign identity set to "test" which does not exist on system:
>>> Error: "codesign" failed with following output:
>>> test: no identity found
>>
>>> Error: "productbuild" failed with following output:
>>> productbuild: error: Cannot write product to "/Users/SOMEDIR/Test-1.0.pkg". (Could not find appropriate signing identity for “test”.)
>> - Added error handling not to allow invalid combinations of signing options.
>> - Updated signing tests to test new changes.
>
> Alexander Matveev has updated the pull request incrementally with one additional commit since the last revision:
>
> 8311877: [macos] Add CLI options to provide signing identity directly to codesign and productbuild [v2]
Yes, you got it right. I agree it does not make sense to consider error if `--mac-sign` is not specified. I fixed it as you suggested. `--mac-app-image-sign-identity` will be ignored and no signing is done if `--mac-sign` is not specified.
Also, updated `SigningPackageTest.java` to include tests for cases when only app-image is being signed or when only pkg is being signed using sign identity options.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16085#issuecomment-1772057635
More information about the core-libs-dev
mailing list