On Fri, 11 Jul 2025 19:57:54 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
> Test updated to expect `jpackage` to PASS in case of
> `--mac-signing-key-user-name` and FAIL in case of
> `-mac-app-image-sign-identity`. See explanation below.
>
> Case 1: Only common name of certificate is used (PASS):
> jpackage --type dmg -i input -n Test --main-class components.DynamicTreeDemo
> --main-jar DynamicTreeDemo.jar --mac-sign --mac-signing-keychain
> jpackagerTest-duplicate.keychain --mac-signing-key-user-name
> jpackage.openjdk.java.net
> [10:02:37.545] WARNING: Multiple certificates found matching [Developer ID
> Application: jpackage.openjdk.java.net] using keychain
> [jpackagerTest-duplicate.keychain], using first one
>
> Actual codesign command in PASS case:
> /usr/bin/codesign -s CBDE500D7ED18E08F6DF852A5D23D8C7113EB30C -vvvv
> --timestamp --options runtime --prefix components. --keychain
> jpackagerTest-duplicate.keychain --force
> /var/folders/dr/65dj5x3j0296mqtsn9z27xc80000gn/T/jdk.jpackage3439321874841533317/image/Test.app
>
> CBDE500D7ED18E08F6DF852A5D23D8C7113EB30C is hash of certificate which exists
> in both jpackagerTest.keychain and jpackagerTest-duplicate.keychain. Based on
> man page documentation it is allowed. When hash is used codesign will not
> perform any search of certificates based on man page. So codesign will not
> fail which is expected.
>
> Case 2: Full name of certificate is used (FAIL):
> jpackage --type dmg -i input -n Test --main-class components.DynamicTreeDemo
> --main-jar DynamicTreeDemo.jar --mac-sign --mac-signing-keychain
> jpackagerTest-duplicate.keychain --mac-app-image-sign-identity "Developer ID
> Application: jpackage.openjdk.java.net"
> Error: "codesign" failed with following output:
> Developer ID Application: jpackage.openjdk.java.net: found in both
> /Users/alexander/Library/Keychains/jpackagerTest.keychain-db and
> /Users/alexander/Library/Keychains/jpackagerTest-duplicate.keychain-db (this
> is all right)
> Developer ID Application: jpackage.openjdk.java.net: ambiguous (matches
> "Developer ID Application: jpackage.openjdk.java.net" in
> /Users/alexander/Library/Keychains/jpackagerTest.keychain-db and "Developer
> ID Application: jpackage.openjdk.java.net" in
> /Users/alexander/Library/Keychains/jpackagerTest-duplicate.keychain-db)
>
> Actual codesign command in FAIL case:
> /usr/bin/codesign -s Developer ID Application: jpackage.openjdk.java.net
> -vvvv --timestamp --options runtime --prefix components. --keychain
> jpackagerTest-duplicate.keychain
> /var/folders/dr/65dj5x3j0296mqtsn9z27xc80000gn/T/jdk.jpackage12899615926124631029/image/Test.app/Contents/runtime/Contents/H...

This pull request has now been integrated.

Changeset: a10ee46e
Author:    Alexander Matveev <almat...@openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/a10ee46e6dd94a279e0821d431944bb096493664
Stats:     15 lines in 1 file changed: 6 ins; 0 del; 9 mod

8361224: [macos] MacSignTest.testMultipleCertificates failed

Reviewed-by: asemenyuk

-------------

PR: https://git.openjdk.org/jdk/pull/26275
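
Added example (not part of the original message and not jpackage's own code): a shell sketch of the hash-based approach described in Case 1, resolving a certificate name to a SHA-1 hash from a listing in the format printed by `security find-identity -v`, so that `codesign -s` receives an identity that needs no name search. The function names, the sample listing, and its second and third hashes are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of `security find-identity -v` output.
# The first hash is the one quoted in the message above; the other two are
# made-up placeholders standing in for a duplicate and an unrelated identity.
SAMPLE_LISTING='  1) CBDE500D7ED18E08F6DF852A5D23D8C7113EB30C "Developer ID Application: jpackage.openjdk.java.net"
  2) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: jpackage.openjdk.java.net"
  3) FEDCBA9876543210FEDCBA9876543210FEDCBA98 "Developer ID Installer: jpackage.openjdk.java.net"
     3 valid identities found'

# matching_hashes NAME: read a listing on stdin and print the SHA-1 hash of
# every identity whose quoted name equals NAME exactly, one hash per line.
matching_hashes() {
    awk -v want="$1" '
        match($0, /^ *[0-9]+\) [0-9A-Fa-f]+ "/) {
            name = substr($0, RLENGTH + 1)
            sub(/"[^"]*$/, "", name)   # drop closing quote and trailing flags
            if (name == want && length($2) == 40) print toupper($2)
        }'
}

# resolve_identity NAME: print the hash to pass to `codesign -s`.
# Exit status: 0 = exactly one match; 2 = several matches (first one is
# printed and a warning goes to stderr, mirroring the warning quoted in
# Case 1); 1 = no match.
resolve_identity() {
    hashes=$(matching_hashes "$1")
    [ -n "$hashes" ] || { echo "no identity named [$1]" >&2; return 1; }
    count=$(printf '%s\n' "$hashes" | wc -l | tr -d ' ')
    printf '%s\n' "$hashes" | head -n 1
    [ "$count" -eq 1 ] && return 0
    echo "WARNING: $count identities match [$1], using first one" >&2
    return 2
}

# On macOS the listing would come from the keychain instead of the sample:
#   hash=$(security find-identity -v -p codesigning jpackagerTest-duplicate.keychain \
#            | resolve_identity "Developer ID Application: jpackage.openjdk.java.net")
#   codesign -s "$hash" --keychain jpackagerTest-duplicate.keychain Test.app
printf '%s\n' "$SAMPLE_LISTING" |
    resolve_identity 'Developer ID Application: jpackage.openjdk.java.net' || true
```

Treating exit status 2 as a failure in a release pipeline makes a duplicate certificate stop the build instead of silently signing with whichever entry is listed first.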