RFR: 8332110: [macos] jpackage tries to sign added files without the --mac-sign option
Michael Hall
mik3hall at gmail.com
Fri May 24 08:47:10 UTC 2024
> On May 24, 2024, at 3:08 AM, Michael Hall <mik3hall at gmail.com> wrote:
>
>> On May 23, 2024, at 8:13 PM, Alexander Matveev <almatvee at openjdk.org <mailto:almatvee at openjdk.org>> wrote:
>>
>> otherwise add additional content as post-processing step.
>
> Doesn’t this still leave you with an application that isn’t validly signed? And probably won’t run because of that.
>
>> 2) jpackage --type app-image -n Test --app-content ReadMe ...
>
> For your example. This almost seems like an Apple bug if you can add a directory to the Contents directory but not a file?
Sorry I made my prior off-list.
Would it also generally be a good idea to include a final codesign verify to fail the build if something is wrong with the signature?
Something like…
echo '*******************'
echo 'verifying signature'
echo '*******************'
codesign -v --verbose=4 outputdir/HalfPipe.app
Expected output…
*******************
verifying signature
*******************
outputdir/HalfPipe.app: valid on disk
outputdir/HalfPipe.app: satisfies its Designated Requirement
I think I have suggested this before but don’t remember if I did an enhancement request. Maybe you do that and I’m just not aware of it if it doesn’t appear in the jpackage output.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20240524/ada5e0a4/attachment-0002.htm>
More information about the core-libs-dev
mailing list