On Fri, 11 Jul 2025 19:57:54 GMT, Alexander Matveev <almat...@openjdk.org> 
wrote:

> Test updated to expect `jpackage` to PASS in case of 
> `--mac-signing-key-user-name` and FAIL in case of 
> `--mac-app-image-sign-identity`. See explanation below.
> 
> Case 1: Only common name of certificate is used (PASS):
> jpackage --type dmg -i input -n Test --main-class components.DynamicTreeDemo 
> --main-jar DynamicTreeDemo.jar --mac-sign --mac-signing-keychain 
> jpackagerTest-duplicate.keychain --mac-signing-key-user-name 
> jpackage.openjdk.java.net
> [10:02:37.545] WARNING: Multiple certificates found matching [Developer ID 
> Application: jpackage.openjdk.java.net] using keychain 
> [jpackagerTest-duplicate.keychain], using first one
> 
> Actual codesign command in PASS case:
> /usr/bin/codesign -s CBDE500D7ED18E08F6DF852A5D23D8C7113EB30C -vvvv 
> --timestamp --options runtime --prefix components. --keychain 
> jpackagerTest-duplicate.keychain --force 
> /var/folders/dr/65dj5x3j0296mqtsn9z27xc80000gn/T/jdk.jpackage3439321874841533317/image/Test.app
> 
> CBDE500D7ED18E08F6DF852A5D23D8C7113EB30C is the hash of the certificate which 
> exists in both jpackagerTest.keychain and jpackagerTest-duplicate.keychain. 
> Based on the man page documentation, this is allowed. When a hash is used, 
> codesign will not perform any search of certificates, based on the man page. 
> So codesign will not fail, which is expected.
> 
> Case 2: Full name of certificate is used (FAIL):
> jpackage --type dmg -i input -n Test --main-class components.DynamicTreeDemo 
> --main-jar DynamicTreeDemo.jar --mac-sign --mac-signing-keychain 
> jpackagerTest-duplicate.keychain --mac-app-image-sign-identity "Developer ID 
> Application: jpackage.openjdk.java.net"
> Error: "codesign" failed with following output:
> Developer ID Application: jpackage.openjdk.java.net: found in both 
> /Users/alexander/Library/Keychains/jpackagerTest.keychain-db and 
> /Users/alexander/Library/Keychains/jpackagerTest-duplicate.keychain-db (this 
> is all right)
> Developer ID Application: jpackage.openjdk.java.net: ambiguous (matches 
> "Developer ID Application: jpackage.openjdk.java.net" in 
> /Users/alexander/Library/Keychains/jpackagerTest.keychain-db and "Developer 
> ID Application: jpackage.openjdk.java.net" in 
> /Users/alexander/Library/Keychains/jpackagerTest-duplicate.keychain-db)
> 
> Actual codesign command in FAIL case:
> /usr/bin/codesign -s Developer ID Application: jpackage.openjdk.java.net 
> -vvvv --timestamp --options runtime --prefix components. --keychain 
> jpackagerTest-duplicate.keychain 
> /var/folders/dr/65dj5x3j0296mqtsn9z27xc80000gn/T/jdk.jpackage12899615926124631029/image/Test.app/Contents/runtime/Contents/H...

This pull request has now been integrated.

Changeset: a10ee46e
Author:    Alexander Matveev <almat...@openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/a10ee46e6dd94a279e0821d431944bb096493664
Stats:     15 lines in 1 file changed: 6 ins; 0 del; 9 mod

8361224: [macos] MacSignTest.testMultipleCertificates failed

Reviewed-by: asemenyuk

-------------

PR: https://git.openjdk.org/jdk/pull/26275
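
Added example (not part of the original message and not jpackage's own code): one way to do the name-to-hash resolution that Case 1 relies on, so that `codesign -s` receives an unambiguous SHA-1 hash instead of a certificate name. It assumes the `N) <40 hex digits> "<name>"` line format printed by `security find-identity -v`; the listing is constructed, the second and third hashes are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the line format of `security find-identity -v`.
# Only the first hash comes from the message above; the others are made up.
SAMPLE_IDENTITIES='  1) CBDE500D7ED18E08F6DF852A5D23D8C7113EB30C "Developer ID Application: jpackage.openjdk.java.net"
  2) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: jpackage.openjdk.java.net"
  3) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Developer ID Installer: jpackage.openjdk.java.net"
     3 valid identities found'

# matching_hashes LISTING NAME  (hypothetical helper)
# Print the SHA-1 hash of every identity whose quoted name equals NAME exactly.
matching_hashes() {
    printf '%s\n' "$1" | awk -v want="$2" '
        # Identity lines look like:  N) <40 hex digits> "<name>"
        $1 ~ /^[0-9]+\)$/ && $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 40 {
            name = $0
            sub(/^[^"]*"/, "", name)   # drop everything up to the opening quote
            sub(/"[^"]*$/, "", name)   # drop the closing quote and any trailer
            if (name == want) print toupper($2)
        }'
}

# resolve_identity LISTING NAME  (hypothetical helper)
# Print one hash to hand to `codesign -s`. Exit status: 0 for a unique match,
# 2 for several matches (first one printed, warning on stderr), 1 for none.
resolve_identity() {
    hashes=$(matching_hashes "$1" "$2")
    [ -n "$hashes" ] || { echo "no identity named [$2]" >&2; return 1; }
    count=$(printf '%s\n' "$hashes" | wc -l | tr -d ' ')
    printf '%s\n' "$hashes" | head -n 1
    if [ "$count" -gt 1 ]; then
        echo "WARNING: $count identities match [$2], using first one" >&2
        return 2
    fi
    return 0
}
```

A signing pipeline that must not silently pick between same-named certificates can treat exit status 2 as a failure instead of a warning.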
