[11u] backport JDK-8240972: macOS codesign fail on macOS 10.13.5 or older

Langer, Christoph christoph.langer at sap.com
Wed Mar 18 20:05:57 UTC 2020 

Hi Junyuan,

I think this looks good. I can approve&sponsor this for you. I think we want to get this into jdk14u as well.

Best regards
Christoph

> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-bounces at openjdk.java.net> On
> Behalf Of Junyuan Zheng
> Sent: Dienstag, 17. März 2020 19:22
> To: jdk-updates-dev at openjdk.java.net
> Subject: [11u] backport JDK-8240972: macOS codesign fail on macOS 10.13.5
> or older
> 
> Hi,
> 
> I would like to backport JDK-8240972
> ("macOS codesign fail on macOS 10.13.5 or older") to 11u.
> 
> The original patch cannot be applied to 11u directly because of the change
> JDK-8239708 (https://bugs.openjdk.java.net/browse/JDK-8239708).
> 
> And here is the diff based on the current code:
> 
> ```
> --- a/make/autoconf/basics.m4
> +++ b/make/autoconf/basics.m4
> @@ -1228,12 +1228,25 @@
> AC_DEFUN_ONCE([BASIC_SETUP_COMPLEX_TOOLS],
>        AC_MSG_CHECKING([if codesign certificate is present])
>        $RM codesign-testfile
>        $TOUCH codesign-testfile
> -      $CODESIGN -s "$MACOSX_CODESIGN_IDENTITY" codesign-testfile
> 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD || CODESIGN=
> +      $CODESIGN -s "$MACOSX_CODESIGN_IDENTITY" codesign-testfile
> 2>&AS_MESSAGE_LOG_FD \
> +          >&AS_MESSAGE_LOG_FD || CODESIGN=
>        $RM codesign-testfile
>        if test "x$CODESIGN" = x; then
>          AC_MSG_RESULT([no])
>        else
>          AC_MSG_RESULT([yes])
> +        # Verify that the codesign has --option runtime
> +        AC_MSG_CHECKING([if codesign has --option runtime])
> +        $RM codesign-testfile
> +        $TOUCH codesign-testfile
> +        $CODESIGN --option runtime -s "$MACOSX_CODESIGN_IDENTITY"
> codesign-testfile \
> +            2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD || CODESIGN=
> +        $RM codesign-testfile
> +        if test "x$CODESIGN" = x; then
> +          AC_MSG_ERROR([codesign does not have --option runtime. macOS
> 10.13.6 and above is required.])
> +        else
> +          AC_MSG_RESULT([yes])
> +        fi
>        fi
>      fi
>      BASIC_REQUIRE_PROGS(SETFILE, SetFile)
> ```
> 
> I also need a sponsor for this patch. Please let me know what you think.
> 
> Thanks,
> 
> Junyuan

More information about the jdk-updates-dev mailing list