On Thu, 15 Sep 2022 01:50:12 GMT, Chris Plummer <cjplum...@openjdk.org> wrote:
>> Erik Joelsson has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Comment fix > > make/data/macosxsigning/default-debug.plist line 15: > >> 13: <key>com.apple.security.cs.debugger</key> >> 14: <true/> >> 15: <key>com.apple.security.get-task-allow</key> > > If instead of creating this new plist file you instead just added this > property to default.plist, would that cause notarization to fail, or would > notarizing simply strip this entitlement, which is what you would want. Yes, that would cause notarization to fail. Note that notarization does not change the binaries. We just send them in to be scanned by Apple, and they save some kind of fingerprint in a database. (There is a post notarization step called stapling that does modify the binaries, but all it does is attaching a signature from the notarization process to make it possible to verify notarization offline.) I could have opted to generate the plist files using PlistBuddy instead of keeping 4 static files around, but decided against it to keep the build logic simpler. If we ever need any more variants, I will probably rethink this. ------------- PR: https://git.openjdk.org/jdk/pull/10275
