Re: [jdk17] RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Thu, 9 Sep 2021 16:36:44 GMT, Andy Herrick wrote: > This is a backport from JDK-18 Marked as reviewed by asemenyuk (Reviewer). - PR: https://git.openjdk.java.net/jdk17/pull/305
[jdk17] RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
This is a backport from JDK-18 - Commit messages: - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Changes: https://git.openjdk.java.net/jdk17/pull/305/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk17=305=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8271868 Stats: 65 lines in 9 files changed: 46 ins; 11 del; 8 mod Patch: https://git.openjdk.java.net/jdk17/pull/305.diff Fetch: git fetch https://git.openjdk.java.net/jdk17 pull/305/head:pull/305 PR: https://git.openjdk.java.net/jdk17/pull/305
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Marked as reviewed by almatvee (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java line 142: > 140: > SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.FALSE)) { > 141: // if signing bundle with app-image, warn user if > app-image > 142: // is not allready signed. nitpicking: typo "allready" -> "already" - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. will fix this spelling error - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Marked as reviewed by asemenyuk (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
On Thu, 5 Aug 2021 17:07:13 GMT, Andy Herrick wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > Andy Herrick has updated the pull request incrementally with one additional > commit since the last revision: > > JDK-8271868: Warn user when using mac-sign option with unsigned app-image. now recording in AppImageFile if signing used to create the app-image, and showing warning only if signing an app using an app-image that is not so recorded as signed. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image. [v2]
> 8271868: Warn user when using mac-sign option with unsigned app-image. Andy Herrick has updated the pull request incrementally with one additional commit since the last revision: JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - Changes: - all: https://git.openjdk.java.net/jdk/pull/5004/files - new: https://git.openjdk.java.net/jdk/pull/5004/files/153e75ea..afc0f197 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk=5004=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk=5004=00-01 Stats: 72 lines in 6 files changed: 30 ins; 27 del; 15 mod Patch: https://git.openjdk.java.net/jdk/pull/5004.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5004/head:pull/5004 PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. My understanding of this enhancement is to warn user when app image created without --mac-sign is used in building a signed package. I.e. to warn user they misused --mac-sign option. We don't want to check the quality of app image and its suitability for packaging in signed package as a part of this enhancement. For this limited scope checking the value of signing flag recorded in .jpackage.xml seems reasonable approach. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. First of all why we only want to cover case when app-image was produced without --mac-sign? If we want to cover such case only, then we need to use approach suggested by Alexey and record signing flag in .jpackage.xml. Otherwise, user will receive false warning if unsigned app-image is provided which was generated without using jpackage or in case if app-image was modified after it was generated and signed. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:56:46 GMT, Alexander Matveev wrote: >> 8271868: Warn user when using mac-sign option with unsigned app-image. > > src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java > line 142: > >> 140: // is not allready signed. >> 141: Path launcher = >> applicationImage.resolve("Contents/MacOS") >> 142: .resolve(APP_NAME.fetchFrom(params)); > > As far as I remember launcher can be signed, but entire app image might not > be signed. So, in this case check will pass, but notarization will fail. I > think we should run check on app image itself. jpackage will either copy the launcher from resource unmodified and unsigned, or sign all the sign-able elements in the app-image (including the launcher). - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. The purpose of this change is to catch the case (and emit a warning) when user creates an app-image w/o using --mac-sign, and then uses that app image to build a pkg or dmg bundle using --mac-sign. For this purpose, checking if the main launcher is signed is sufficient. There is no reason to check all the executables, libraries, and/or Frameworks in the app image., and there is no such thing as signing the app-image itself, also using --deep arg to codesigner is specifically recommended against in all codesigner documentation I have read. The user can modify the app-image in any way he chooses, possibly invalidating the signing, before using it to create dmg or pkg (or he may create the app-image unsigned, and manually sign all or any part of it. This really has nothing to do with this change. The app-image can still be used to create a dmg or pkg using --mac-sign or not. The alternative of recording if the app-image was created with --app-sign in the AppImageFile is a reasonable alternative to verifying the signing of the main launchers - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. What options exist for building a package from app image with invalid signature? - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. I think it will not work. User might modify app image after it was created and it will invalidate signature. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. What if we save "signed/not signed" flag in ".jpackage.xml" when building app image and read its value instead of guessing if they signed app image or not using `codesign`? .jpackage.xml is designed specifically to pass data between multiple invocations of jpackage. - PR: https://git.openjdk.java.net/jdk/pull/5004
Re: RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
On Wed, 4 Aug 2021 20:00:37 GMT, Andy Herrick wrote: > 8271868: Warn user when using mac-sign option with unsigned app-image. Changes requested by almatvee (Reviewer). src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java line 877: > 875: try { > 876: IOUtils.exec(new ProcessBuilder("/usr/bin/codesign", > 877: "--verify", file.toString())); --deep should be added, so check is run on nested frameworks and helpers. src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacBaseInstallerBundler.java line 142: > 140: // is not allready signed. > 141: Path launcher = > applicationImage.resolve("Contents/MacOS") > 142: .resolve(APP_NAME.fetchFrom(params)); As far as I remember launcher can be signed, but entire app image might not be signed. So, in this case check will pass, but notarization will fail. I think we should run check on app image itself. - PR: https://git.openjdk.java.net/jdk/pull/5004
RFR: 8271868: Warn user when using mac-sign option with unsigned app-image.
8271868: Warn user when using mac-sign option with unsigned app-image. - Commit messages: - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. - JDK-8271868: Warn user when using mac-sign option with unsigned app-image. Changes: https://git.openjdk.java.net/jdk/pull/5004/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk=5004=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8271868 Stats: 34 lines in 5 files changed: 32 ins; 0 del; 2 mod Patch: https://git.openjdk.java.net/jdk/pull/5004.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/5004/head:pull/5004 PR: https://git.openjdk.java.net/jdk/pull/5004