Here is the webrev: http://cr.openjdk.java.net/~goetz/wr19/rene/8235585-mac_notarization/01/
On Mon, Dec 9, 2019 at 5:05 PM René Schünemann <rene.schuenem...@gmail.com> wrote:
>
> Hi,
>
> for the macOS notarization process, all executables and libraries need
> to be codesigned with hardened runtime (--options runtime) and secure
> timestamp (--timestamp) enabled. Additionally for the OpenJDK certain
> entitlements have to be set during codesigning:
>
> * com.apple.security.cs.allow-jit
> * com.apple.security.cs.allow-unsigned-executable-memory
> * com.apple.security.cs.disable-executable-page-protection
> * com.apple.security.cs.allow-dyld-environment-variables
> * com.apple.security.cs.debugger
>
> With this change the macOS codesign tool is being run for all native
> executables and libraries.
>
> Additionally this change introduces a new configure option:
> --with-macosx-codesign-identity
>
> This option allows specifying a codesigning identity stored in the
> macOS keychain.
> When this option is not set it falls back to "openjdk_codesign".
>
> Thanks,
> Rene
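
An added example, not part of the mail or the OpenJDK change: a Python sketch that writes the five entitlements listed above to a property list, builds the matching codesign invocation, and audits an entitlements plist for missing or unexpected keys. The function names, the file names `libjvm.dylib` and `entitlements.plist`, and the sample plist are assumptions made for illustration.

```python
import plistlib

# The five entitlements listed in the mail above.
EXPECTED = frozenset({
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.disable-executable-page-protection",
    "com.apple.security.cs.allow-dyld-environment-variables",
    "com.apple.security.cs.debugger",
})
DEFAULT_IDENTITY = "openjdk_codesign"  # fallback identity named in the mail


def build_entitlements() -> bytes:
    """Serialize the expected entitlements as an XML property list."""
    return plistlib.dumps({key: True for key in sorted(EXPECTED)})


def codesign_argv(binary, entitlements_file, identity=None):
    """Argument vector for signing one binary with the options from the mail."""
    return ["codesign", "-s", identity or DEFAULT_IDENTITY,
            "--options", "runtime", "--timestamp",
            "--entitlements", entitlements_file, binary]


def audit_entitlements(plist_bytes: bytes) -> dict:
    """Compare the entitlements granted in a plist with the expected set."""
    granted = {k for k, v in plistlib.loads(plist_bytes).items() if v is True}
    return {"missing": sorted(EXPECTED - granted),
            "unexpected": sorted(granted - EXPECTED)}


# Constructed sample: one expected key absent, one extra key granted.
SAMPLE = plistlib.dumps({
    **{k: True for k in EXPECTED if not k.endswith(".debugger")},
    "com.apple.security.cs.disable-library-validation": True,
})

if __name__ == "__main__":
    # File names here are hypothetical placeholders.
    print(" ".join(codesign_argv("libjvm.dylib", "entitlements.plist")))
    print(audit_entitlements(build_entitlements()))
    print(audit_entitlements(SAMPLE))
```

Each of these entitlements relaxes a hardened-runtime protection, so the audit treats any key outside the listed five as something to review before the binary is submitted for notarization.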