On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick <herr...@openjdk.org> wrote:
> 8271868: Warn user when using mac-sign option with unsigned app-image.

Changes requested by almatvee (Reviewer).

src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java line 877:

> 875:     try {
> 876:         IOUtils.exec(new ProcessBuilder("/usr/bin/codesign",
> 877:                 "--verify", file.toString()));

--deep should be added, so check is run on nested frameworks and helpers.

src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java line 142:

> 140:     // is not allready signed.
> 141:     Path launcher =
>              applicationImage.resolve("Contents/MacOS")
> 142:             .resolve(APP_NAME.fetchFrom(params));

As far as I remember launcher can be signed, but entire app image might not be signed. So, in this case check will pass, but notarization will fail. I think we should run check on app image itself.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5004