RFR: 8370126: Improve jpackage signing testing

[Alexander Matveev]

On Fri, 17 Oct 2025 18:45:16 GMT, Alexey Semenyuk <asemenyuk at openjdk.org> wrote:

> - Rework the SigningPackageTwoStepTest test to cover the case of bundling an unsigned predefined app image into a signed .pkg installer; make it verify expected warnings in the jpackage output.
> 
> - All jpackage tests will verify that without "--mac-sign" option, jpackage produces app images with a valid "adhoc" signature.
> 
> Additionally:
> - Fix jpackage to make it emit messages expected in the updated SigningPackageTwoStepTest test.
> - Add helper code for signing testing.
> - Automatically unlock jpackage test keychains in all signing tests.
> - Add a workaround for the `/usr/bin/codesign—-verify` command, which sometimes fails if executed without `sudo`.

Looks good with some question.

test/jdk/tools/jpackage/helpers/jdk/jpackage/test/MacSignVerify.java line 205:

> 203:             // It is known to fail for some AppContentTest test cases and all FileAssociationsTest test cases.
> 204:             // Rerunning the command with "sudo" works, though.
> 205:             return str.equals(String.format("%s: Permission denied", path));

Did you check permissions on generated application bundles in case of failure vs when it pass? Maybe we have issue with permissions in generated application images and by doing work around we hiding current bug or potential bugs.

-------------

PR Review: https://git.openjdk.org/jdk/pull/27875#pullrequestreview-3358354944
PR Review Comment: https://git.openjdk.org/jdk/pull/27875#discussion_r2446411256