[11u] backport JDK-8240972: macOS codesign fail on macOS 10.13.5 or older

Langer, Christoph christoph.langer at sap.com
Tue Mar 24 20:09:15 UTC 2020 

Hi Junyuan,

thanks for also providing the backport for 14u. It looks good to me as well.

I requested jdk11 and jdk14 backport approval on your behalf now. Will sponsor it once we get the approvals.

Best regards
Christoph

> -----Original Message-----
> From: Junyuan Zheng <Junyuan.Zheng at microsoft.com>
> Sent: Montag, 23. März 2020 21:47
> To: Langer, Christoph <christoph.langer at sap.com>; jdk-updates-
> dev at openjdk.java.net
> Subject: Re: [11u] backport JDK-8240972: macOS codesign fail on macOS
> 10.13.5 or older
> 
> Hi Christoph,
> 
> I have generated a patch for the jdk14u. And here is the diff:
> 
> ```
> --- a/make/autoconf/basics.m4
> +++ b/make/autoconf/basics.m4
> @@ -1303,12 +1303,25 @@
> AC_DEFUN_ONCE([BASIC_SETUP_COMPLEX_TOOLS],
>        AC_MSG_CHECKING([if codesign certificate is present])
>        $RM codesign-testfile
>        $TOUCH codesign-testfile
> -      $CODESIGN -s "$MACOSX_CODESIGN_IDENTITY" codesign-testfile
> 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD || CODESIGN=
> +      $CODESIGN -s "$MACOSX_CODESIGN_IDENTITY" codesign-testfile
> 2>&AS_MESSAGE_LOG_FD \
> +          >&AS_MESSAGE_LOG_FD || CODESIGN=
>        $RM codesign-testfile
>        if test "x$CODESIGN" = x; then
>          AC_MSG_RESULT([no])
>        else
>          AC_MSG_RESULT([yes])
> +        # Verify that the codesign has --option runtime
> +        AC_MSG_CHECKING([if codesign has --option runtime])
> +        $RM codesign-testfile
> +        $TOUCH codesign-testfile
> +        $CODESIGN --option runtime -s "$MACOSX_CODESIGN_IDENTITY"
> codesign-testfile \
> +            2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD || CODESIGN=
> +        $RM codesign-testfile
> +        if test "x$CODESIGN" = x; then
> +          AC_MSG_ERROR([codesign does not have --option runtime. macOS
> 10.13.6 and above is required.])
> +        else
> +          AC_MSG_RESULT([yes])
> +        fi
>        fi
>      fi
>      BASIC_REQUIRE_PROGS(SETFILE, SetFile)
> ```
> 
> Please let me know what you think.
> 
> Thanks!
> 
> Junyuan
> 
> ________________________________________
> From: Langer, Christoph <christoph.langer at sap.com>
> Sent: Wednesday, March 18, 2020 1:05 PM
> To: Junyuan Zheng; jdk-updates-dev at openjdk.java.net
> Subject: [EXTERNAL] RE: [11u] backport JDK-8240972: macOS codesign fail on
> macOS 10.13.5 or older
> 
> Hi Junyuan,
> 
> I think this looks good. I can approve&sponsor this for you. I think we want to
> get this into jdk14u as well.
> 
> Best regards
> Christoph
> 
> > -----Original Message-----
> > From: jdk-updates-dev <jdk-updates-dev-bounces at openjdk.java.net> On
> > Behalf Of Junyuan Zheng
> > Sent: Dienstag, 17. März 2020 19:22
> > To: jdk-updates-dev at openjdk.java.net
> > Subject: [11u] backport JDK-8240972: macOS codesign fail on macOS 10.13.5
> > or older
> >
> > Hi,
> >
> > I would like to backport JDK-8240972
> > ("macOS codesign fail on macOS 10.13.5 or older") to 11u.
> >
> > The original patch cannot be applied to 11u directly because of the change
> > JDK-8239708
> (https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbug
> s.openjdk.java.net%2Fbrowse%2FJDK-
> 8239708&data=02%7C01%7CJunyuan.Zheng%40microsoft.com%7Cfa3c2
> 4116cbe44e9c2cd08d7cb77d3e9%7C72f988bf86f141af91ab2d7cd011db47%7C
> 1%7C0%7C637201587835476295&sdata=PZPabAz5YweihzLxc4yh4%2Bgt
> KbW3528k86BrTgevjLg%3D&reserved=0).
> >
> > And here is the diff based on the current code:
> >
> > ```
> > --- a/make/autoconf/basics.m4
> > +++ b/make/autoconf/basics.m4
> > @@ -1228,12 +1228,25 @@
> > AC_DEFUN_ONCE([BASIC_SETUP_COMPLEX_TOOLS],
> >        AC_MSG_CHECKING([if codesign certificate is present])
> >        $RM codesign-testfile
> >        $TOUCH codesign-testfile
> > -      $CODESIGN -s "$MACOSX_CODESIGN_IDENTITY" codesign-testfile
> > 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD || CODESIGN=
> > +      $CODESIGN -s "$MACOSX_CODESIGN_IDENTITY" codesign-testfile
> > 2>&AS_MESSAGE_LOG_FD \
> > +          >&AS_MESSAGE_LOG_FD || CODESIGN=
> >        $RM codesign-testfile
> >        if test "x$CODESIGN" = x; then
> >          AC_MSG_RESULT([no])
> >        else
> >          AC_MSG_RESULT([yes])
> > +        # Verify that the codesign has --option runtime
> > +        AC_MSG_CHECKING([if codesign has --option runtime])
> > +        $RM codesign-testfile
> > +        $TOUCH codesign-testfile
> > +        $CODESIGN --option runtime -s "$MACOSX_CODESIGN_IDENTITY"
> > codesign-testfile \
> > +            2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD ||
> CODESIGN=
> > +        $RM codesign-testfile
> > +        if test "x$CODESIGN" = x; then
> > +          AC_MSG_ERROR([codesign does not have --option runtime. macOS
> > 10.13.6 and above is required.])
> > +        else
> > +          AC_MSG_RESULT([yes])
> > +        fi
> >        fi
> >      fi
> >      BASIC_REQUIRE_PROGS(SETFILE, SetFile)
> > ```
> >
> > I also need a sponsor for this patch. Please let me know what you think.
> >
> > Thanks,
> >
> > Junyuan

More information about the jdk-updates-dev mailing list