< prev index next >
src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java
Print this page
*** 83,92 ****
--- 83,97 ----
private final Path runtimeRoot;
private final Path mdir;
private static List<String> keyChains;
+ private final static String DEFAULT_ENTITLEMENTS =
+ "Mac.entitlements";
+ private final static String DEFAULT_INHERIT_ENTITLEMENTS =
+ "Mac_Inherit.entitlements";
+
public static final BundlerParamInfo<Boolean>
MAC_CONFIGURE_LAUNCHER_IN_PLIST = new StandardBundlerParam<>(
"mac.configure-launcher-in-plist",
Boolean.class,
params -> Boolean.FALSE,
*** 160,169 ****
--- 165,190 ----
// valueOf(null) is false, we actually do want null in some cases
(s, p) -> (s == null || "null".equalsIgnoreCase(s)) ?
null : Boolean.valueOf(s)
);
+ /*
+ public static final StandardBundlerParam<File> MAC_ENTITLEMENTS =
+ new StandardBundlerParam<>(
+ Arguments.CLIOptions.MAC_ENTITLEMENTS.getId(),
+ File.class,
+ params -> null,
+ (s, p) -> new File(s));
+
+ public static final StandardBundlerParam<File> MAC_INHERIT_ENTITLEMENTS =
+ new StandardBundlerParam<>(
+ Arguments.CLIOptions.MAC_INHERIT_ENTITLEMENTS.getId(),
+ File.class,
+ params -> null,
+ (s, p) -> new File(s));
+ */
+
public MacAppImageBuilder(Map<String, Object> params, Path imageOutDir)
throws IOException {
super(params, imageOutDir.resolve(APP_NAME.fetchFrom(params)
+ ".app/Contents/runtime/Contents/Home"));
*** 366,382 ****
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
signAppBundle(params, root, signingIdentity,
! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null);
}
restoreKeychainList(params);
}
}
private String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
--- 387,432 ----
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
+ prepareEntitlements(params);
signAppBundle(params, root, signingIdentity,
! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params),
! getConfig_Entitlements(params).toString(),
! getConfig_Inherit_Entitlements(params).toString());
}
restoreKeychainList(params);
}
}
+ private File getConfig_Entitlements(Map<String, ? super Object> params) {
+ return new File(CONFIG_ROOT.fetchFrom(params),
+ getLauncherName(params) + ".entitlements");
+ }
+
+ private File getConfig_Inherit_Entitlements(
+ Map<String, ? super Object> params) {
+ return new File(CONFIG_ROOT.fetchFrom(params),
+ getLauncherName(params) + "_Inherit.entitlements");
+ }
+
+ private void prepareEntitlements(Map<String, ? super Object> params)
+ throws IOException {
+ createResource(DEFAULT_ENTITLEMENTS, params)
+ .setCategory(I18N.getString("resource.mac-entitlements"))
+ // .setExternal(MAC_ENTITLEMENTS.fetchFrom(params))
+ .saveToFile(getConfig_Entitlements(params));
+
+ createResource(DEFAULT_INHERIT_ENTITLEMENTS, params)
+ .setCategory(I18N.getString(
+ "resource.mac-inherit-entitlements"))
+ // .setExternal(MAC_INHERIT_ENTITLEMENTS.fetchFrom(params))
+ .saveToFile(getConfig_Inherit_Entitlements(params));
+ }
+
+
private String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
*** 760,770 ****
}
}).filter(p -> Files.isRegularFile(p)
&& !(p.toString().contains("/Contents/MacOS/libjli.dylib")
|| p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
//noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
--- 810,821 ----
}
}).filter(p -> Files.isRegularFile(p)
&& !(p.toString().contains("/Contents/MacOS/libjli.dylib")
|| p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))
! ).forEach(p -> {
//noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
*** 776,791 ****
if (p.toString().endsWith(LIBRARY_NAME)) {
if (isFileSigned(p)) {
return;
}
}
-
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
if (entitlementsFile != null &&
(p.toString().endsWith(".jar")
|| p.toString().endsWith(".dylib"))) {
args.add("--entitlements");
--- 827,844 ----
if (p.toString().endsWith(LIBRARY_NAME)) {
if (isFileSigned(p)) {
return;
}
}
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
! "-s", signingIdentity,
"--prefix", identifierPrefix,
"-vvvv"));
if (entitlementsFile != null &&
(p.toString().endsWith(".jar")
|| p.toString().endsWith(".dylib"))) {
args.add("--entitlements");
*** 834,856 ****
"-f",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
--- 887,926 ----
"-f",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
+
+ if (entitlementsFile != null &&
+ (path.toString().endsWith(".jar")
+ || path.toString().endsWith(".dylib"))) {
+ args.add("--entitlements");
+ args.add(entitlementsFile); // entitlements
+ } else if (inheritedEntitlements != null &&
+ Files.isExecutable(path)) {
+ args.add("--entitlements");
+ args.add(inheritedEntitlements);
+ // inherited entitlements for executable processes
+ }
+
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
+
args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
! "-s", signingIdentity,
"--prefix", identifierPrefix,
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
*** 884,895 ****
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
! "-vvvv")); // super verbose output
if (entitlementsFile != null) {
args.add("--entitlements");
args.add(entitlementsFile); // entitlements
}
if (keyChain != null && !keyChain.isEmpty()) {
--- 954,969 ----
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
! "-s", signingIdentity,
! "-vvvv"));
if (entitlementsFile != null) {
args.add("--entitlements");
args.add(entitlementsFile); // entitlements
}
if (keyChain != null && !keyChain.isEmpty()) {
< prev index next >