Re: [jdk17] RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Thu, 9 Sep 2021 16:36:44 GMT, Andy Herrick wrote: > This is a backport from JDK-18 Marked as reviewed by asemenyuk (Reviewer). - PR: https://git.openjdk.java.net/jdk17/pull/305
[jdk17] RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
This is a backport from JDK-18 - Commit messages: - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Changes: https://git.openjdk.java.net/jdk17/pull/305/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk17=305=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8271868 Stats: 65 lines in 9 files changed: 46 ins; 11 del; 8 mod Patch: https://git.openjdk.java.net/jdk17/pull/305.diff Fetch: git fetch https://git.openjdk.java.net/jdk17 pull/305/head:pull/305 PR: https://git.openjdk.java.net/jdk17/pull/305
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Marked as reviewed by almatvee (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote:
>> 8271868: Warn user when using mac-sign option with unsigned app-image.
>
> Andy Herrick has updated the pull request incrementally with one additional
> commit since the last revision:
>
> JDK-8271868: Warn user when using mac-sign option with unsigned app-image.
src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java
line 142:
> 140:
> SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.FALSE)) {
> 141: // if signing bundle with app-image, warn user if
> app-image
> 142: // is not allready signed.
nitpicking: typo "allready" -> "already"
-
PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. will fix this spelling error - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Marked as reviewed by asemenyuk (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. now recording in AppImageFile if signing used to create the app-image, and showing warning only if signing an app using an app-image that is not so recorded as signed. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
> 8271868: Warn user when using mac-sign option with unsigned app-image. Andy Herrick has updated the pull request incrementally with one additional commit since the last revision: JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - Changes: - all: https://git.openjdk.java.net/jdk/pull/5004/files - new: https://git.openjdk.java.net/jdk/pull/5004/files/153e75ea..afc0f197 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=5004=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=5004=00-01 Stats: 72 lines in 6 files changed: 30 ins; 27 del; 15 mod Patch: https://git.openjdk.java.net/jdk/pull/5004.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5004/head:pull/5004 PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. My understanding of this enhancement is to warn user when app image created without --mac-sign is used in building a signed package. I.e. to warn user they misused --mac-sign option. We don't want to check the quality of app image and its suitability for packaging in signed package as a part of this enhancement. For this limited scope checking the value of signing flag recorded in .jpackage.xml seems reasonable approach. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. First of all why we only want to cover case when app-image was produced without --mac-sign? If we want to cover such case only, then we need to use approach suggested by Alexey and record signing flag in .jpackage.xml. Otherwise, user will receive false warning if unsigned app-image is provided which was generated without using jpackage or in case if app-image was modified after it was generated and signed. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:56:46 GMT, Alexander Matveev wrote:
>> 8271868: Warn user when using mac-sign option with unsigned app-image.
>
> src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java
> line 142:
>
>> 140: // is not allready signed.
>> 141: Path launcher =
>> applicationImage.resolve("Contents/MacOS")
>> 142: .resolve(APP_NAME.fetchFrom(params));
>
> As far as I remember launcher can be signed, but entire app image might not
> be signed. So, in this case check will pass, but notarization will fail. I
> think we should run check on app image itself.
jpackage will either copy the launcher from resource unmodified and unsigned,
or sign all the sign-able elements in the app-image (including the launcher).
-
PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. The purpose of this change is to catch the case (and emit a warning) when user creates an app-image w/o using --mac-sign, and then uses that app image to build a pkg or dmg bundle using --mac-sign. For this purpose, checking if the main launcher is signed is sufficient. There is no reason to check all the executables, libraries, and/or Frameworks in the app image., and there is no such thing as signing the app-image itself, also using --deep arg to codesigner is specifically recommended against in all codesigner documentation I have read. The user can modify the app-image in any way he chooses, possibly invalidating the signing, before using it to create dmg or pkg (or he may create the app-image unsigned, and manually sign all or any part of it. This really has nothing to do with this change. The app-image can still be used to create a dmg or pkg using --mac-sign or not. The alternative of recording if the app-image was created with --app-sign in the AppImageFile is a reasonable alternative to verifying the signing of the main launchers - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. What options exist for building a package from app image with invalid signature? - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. I think it will not work. User might modify app image after it was created and it will invalidate signature. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. What if we save "signed/not signed" flag in ".jpackage.xml" when building app image and read its value instead of guessing if they signed app image or not using `codesign`? .jpackage.xml is designed specifically to pass data between multiple invocations of jpackage. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote:
> 8271868: Warn user when using mac-sign option with unsigned app-image.
Changes requested by almatvee (Reviewer).
src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java
line 877:
> 875: try {
> 876: IOUtils.exec(new ProcessBuilder("/usr/bin/codesign",
> 877: "--verify", file.toString()));
--deep should be added, so check is run on nested frameworks and helpers.
src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java
line 142:
> 140: // is not allready signed.
> 141: Path launcher =
> applicationImage.resolve("Contents/MacOS")
> 142: .resolve(APP_NAME.fetchFrom(params));
As far as I remember launcher can be signed, but entire app image might not be
signed. So, in this case check will pass, but notarization will fail. I think
we should run check on app image itself.
-
PR: https://git.openjdk.java.net/jdk/pull/5004
RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
8271868: Warn user when using mac-sign option with unsigned app-image. - Commit messages: - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Changes: https://git.openjdk.java.net/jdk/pull/5004/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=5004=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8271868 Stats: 34 lines in 5 files changed: 32 ins; 0 del; 2 mod Patch: https://git.openjdk.java.net/jdk/pull/5004.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5004/head:pull/5004 PR: https://git.openjdk.java.net/jdk/pull/5004
