RFR: 8352176: Automate setting up environment for mac signing tests [v4]
Alexey Semenyuk
asemenyuk at openjdk.org
Thu Mar 20 22:06:50 UTC 2025
> Automate setting up an environment for mac signing tests: create keychain(s), self-signing certificates, and register them in the system.
>
> To set up the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=setup` command.
>
> The above command will create "jpackagerTest.keychain" keychain, one private RSA key, and four self-signed certificates using this key:
> | Certificate common name (CN) | Usage |
> |----------------------------------|-----|
> | Developer ID Application: jpackage.openjdk.java.net|Code sign|
> | Developer ID Installer: jpackage.openjdk.java.net|.pkg sign|
> | Developer ID Application: jpackage.openjdk.java.net (ö)|Code sign|
> | Developer ID Installer: jpackage.openjdk.java.net (ö)|.pkg sign|
>
> Certificates will be added to the list of trusted certificates using a sequence of `security add-trusted-cert...` commands (one command per certificate). This step will require user interaction to enter the user account password as many times as the number of created certificates (four). A user will be presented with the "Trust certificate" dialog describing which certificate is about to be added to the list of trusted certificates before the dialog prompting the user password pops up:
> <img width="440" alt="trust-cert-prompt" src="https://github.com/user-attachments/assets/a67d0966-2dea-4bc6-93a6-f52dad599898" />
>
> When the user presses the "OK" button on the "Trust certificate" dialog, the dialog prompting the user password will pop up:
> <img width="800" alt="trust-cert-prompt-2" src="https://github.com/user-attachments/assets/1d1f022d-54ac-4a7e-8d0a-9bfe65c76b49" />
>
> Suppose the user presses the "Cancel" button on the "Trust certificate" dialog. In that case, the dialog prompting the user password will NOT pop up, and the whole sequence of adding certificates to the list of trusted certificates will abort.
>
> If the user presses the "Cancel" button on the dialog prompting the user password, it will be dismissed, and the user will start over with the same "Trust certificate" dialog.
>
> Every "Trust certificate" dialog has a one-minute timeout. If the dialog is automatically dismissed because of the timeout expiration, adding certificates to the list of trusted certificates will abort.
>
> To tear down the environment, run `make test-only TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=teardown` command. This command will unlink and delete...
Alexey Semenyuk has updated the pull request incrementally with one additional commit since the last revision:
Make UI work in restricted env.
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/24087/files
- new: https://git.openjdk.org/jdk/pull/24087/files/abf8783a..e2f6bd72
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=24087&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=24087&range=02-03
Stats: 7 lines in 1 file changed: 3 ins; 0 del; 4 mod
Patch: https://git.openjdk.org/jdk/pull/24087.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/24087/head:pull/24087
PR: https://git.openjdk.org/jdk/pull/24087
More information about the core-libs-dev
mailing list