On Sun, 18 Jan 2026 07:34:45 GMT, Alexey Semenyuk <[email protected]> wrote:
> Restore the logic of how jpackage handles cases when the "--mac-sign" option > is specified without the "--mac-signing-key-user-name" or > "--mac-app-image-sign-identity" option. > > Make it work as it did prior to the > [JDK-8333664](https://bugs.openjdk.org/browse/JDK-8333664) patch, which > caused jpackage to silently ignore the "--mac-sign" option and not sign the > output bundle. > > The restored behavior is as follows: > > If the "--mac-sign" option is specified, jpackage will always attempt to sign > the output bundle. > > If none of the signing identity options ("--mac-signing-key-user-name", > "--mac-app-image-sign-identity", or "--mac-installer-sign-identity") is > specified, jpackage will look up for a signing identity (or signing > identities in case of PKG bundling) in the keychain specified with the > "--mac-signing-keychain", or in the default keychain of the current user if > the "--mac-signing-keychain" option is not specified. > > If the keychain contains exactly one signing certificate of a specific type > (a certificate for signing an app image or a certificate for signing a PKG > installer), jpackage will use it for signing. Otherwise, jpackage will exit > with an error. > > Added tests to cover the cases when the "--mac-sign" option is specified and > the keychain has/doesn't have signing certificates. Looks good. ------------- Marked as reviewed by almatvee (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/29290#pullrequestreview-3858069316
