src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java
@@ -83,10 +83,15 @@
private final Path runtimeRoot;
private final Path mdir;
private static List<String> keyChains;
+ private final static String DEFAULT_ENTITLEMENTS =
+ "Mac.entitlements";
+ private final static String DEFAULT_INHERIT_ENTITLEMENTS =
+ "Mac_Inherit.entitlements";
+
public static final BundlerParamInfo<Boolean>
MAC_CONFIGURE_LAUNCHER_IN_PLIST = new StandardBundlerParam<>(
"mac.configure-launcher-in-plist",
Boolean.class,
params -> Boolean.FALSE,
@@ -160,10 +165,26 @@
// valueOf(null) is false, we actually do want null in some cases
(s, p) -> (s == null || "null".equalsIgnoreCase(s)) ?
null : Boolean.valueOf(s)
);
+/*
+ public static final StandardBundlerParam<File> MAC_ENTITLEMENTS =
+ new StandardBundlerParam<>(
+ Arguments.CLIOptions.MAC_ENTITLEMENTS.getId(),
+ File.class,
+ params -> null,
+ (s, p) -> new File(s));
+
+ public static final StandardBundlerParam<File> MAC_INHERIT_ENTITLEMENTS =
+ new StandardBundlerParam<>(
+ Arguments.CLIOptions.MAC_INHERIT_ENTITLEMENTS.getId(),
+ File.class,
+ params -> null,
+ (s, p) -> new File(s));
+*/
+
public MacAppImageBuilder(Map<String, Object> params, Path imageOutDir)
throws IOException {
super(params, imageOutDir.resolve(APP_NAME.fetchFrom(params)
+ ".app/Contents/runtime/Contents/Home"));
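Review bot: The block comment added at the top of this hunk commits two disabled `StandardBundlerParam<File>` declarations, and `prepareEntitlements` in the next hunk carries the matching commented-out `.setExternal(...)` calls. Disabled code in a signing path leaves readers unsure whether user-supplied entitlements are supported or deliberately withheld. I would drop the block and leave one line in its place, for example `// TODO: wire Arguments.CLIOptions.MAC_ENTITLEMENTS / MAC_INHERIT_ENTITLEMENTS once those options are added`.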
@@ -366,17 +387,46 @@
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
+ prepareEntitlements(params);
signAppBundle(params, root, signingIdentity,
- BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null);
+ BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params),
+ getConfig_Entitlements(params).toString(),
+ getConfig_Inherit_Entitlements(params).toString());
}
restoreKeychainList(params);
}
}
+ private File getConfig_Entitlements(Map<String, ? super Object> params) {
+ return new File(CONFIG_ROOT.fetchFrom(params),
+ getLauncherName(params) + ".entitlements");
+ }
+
+ private File getConfig_Inherit_Entitlements(
+ Map<String, ? super Object> params) {
+ return new File(CONFIG_ROOT.fetchFrom(params),
+ getLauncherName(params) + "_Inherit.entitlements");
+ }
+
+ private void prepareEntitlements(Map<String, ? super Object> params)
+ throws IOException {
+ createResource(DEFAULT_ENTITLEMENTS, params)
+ .setCategory(I18N.getString("resource.mac-entitlements"))
+ // .setExternal(MAC_ENTITLEMENTS.fetchFrom(params))
+ .saveToFile(getConfig_Entitlements(params));
+
+ createResource(DEFAULT_INHERIT_ENTITLEMENTS, params)
+ .setCategory(I18N.getString(
+ "resource.mac-inherit-entitlements"))
+ // .setExternal(MAC_INHERIT_ENTITLEMENTS.fetchFrom(params))
+ .saveToFile(getConfig_Inherit_Entitlements(params));
+ }
+
+
private String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
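Review bot: `prepareEntitlements` and the two `getConfig_*Entitlements` helpers are added without any comment, although the files they write decide which hardened-runtime protections the signed image opts out of. A short comment on `prepareEntitlements` would help, for example `// Entitlements written here are passed to codesign and relax hardened-runtime protections for the signed image; keep the default files minimal.` The call site also passes both paths via `.toString()` unconditionally, so the `entitlementsFile != null` guards in `signAppBundle` no longer skip anything on this path. If `saveToFile` can return without writing the file (not visible in this hunk), codesign would be handed a missing path, so a check such as `if (!getConfig_Entitlements(params).isFile()) throw new IOException(...)` before signing would fail earlier and more clearly.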
@@ -760,11 +810,12 @@
}
}).filter(p -> Files.isRegularFile(p)
&& !(p.toString().contains("/Contents/MacOS/libjli.dylib")
|| p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
- || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
+ || p.toString().contains("/Contents/Frameworks"))
+ ).forEach(p -> {
//noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
@@ -776,16 +827,18 @@
if (p.toString().endsWith(LIBRARY_NAME)) {
if (isFileSigned(p)) {
return;
}
}
-
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
+ "--timestamp",
+ "--options", "runtime",
+ "--deep",
+ "--force",
+ "-s", signingIdentity,
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
if (entitlementsFile != null &&
(p.toString().endsWith(".jar")
|| p.toString().endsWith(".dylib"))) {
args.add("--entitlements");
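Review bot: The flag list `"--timestamp", "--options", "runtime", "--deep", "--force"` is added here with no comment, and the hunk also deletes the two inline comments that explained `-s` and `--prefix`. The same five flags are repeated verbatim in the next two hunks, so the explanation is worth writing once here, for example `// secure timestamp (needs to reach the timestamp service) + hardened runtime; --force replaces any existing signature`. Note that `--force` means the `isFileSigned(p)` early return above only protects files ending in `LIBRARY_NAME`; every other file that was already signed will have its signature replaced. The enclosing lambda starts and ends outside this hunk.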
@@ -834,23 +887,40 @@
"-f",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
+
+ if (entitlementsFile != null &&
+ (path.toString().endsWith(".jar")
+ || path.toString().endsWith(".dylib"))) {
+ args.add("--entitlements");
+ args.add(entitlementsFile); // entitlements
+ } else if (inheritedEntitlements != null &&
+ Files.isExecutable(path)) {
+ args.add("--entitlements");
+ args.add(inheritedEntitlements);
+ // inherited entitlements for executable processes
+ }
+
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
+
args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
+ "--timestamp",
+ "--options", "runtime",
+ "--deep",
+ "--force",
+ "-s", signingIdentity,
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
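Review bot: The first `codesign` invocation in this hunk (the list that starts with `"-f"`) gains the entitlements arguments but not `--timestamp` or `--options runtime`, while the second invocation gets those flags and no entitlements. If both are meant to produce hardened-runtime, timestamped signatures, the first list needs the same options, e.g. `"-f", "--timestamp", "--options", "runtime",`. Otherwise a comment should say why the first pass is signed differently. The entitlement selection added here duplicates the `.jar`/`.dylib` condition from the previous hunk, and it is worth confirming that attaching entitlements to library code has the intended effect rather than only to executables. The enclosing method or lambda begins outside this hunk.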
@@ -884,12 +954,16 @@
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "-vvvv")); // super verbose output
+ "--timestamp",
+ "--options", "runtime",
+ "--deep",
+ "--force",
+ "-s", signingIdentity,
+ "-vvvv"));
if (entitlementsFile != null) {
args.add("--entitlements");
args.add(entitlementsFile); // entitlements
}
if (keyChain != null && !keyChain.isEmpty()) {
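Review bot: Adding `--deep` together with `--force` to the final app-level call makes codesign re-sign nested code inside the bundle, using the options given on this command line. As codesign documents `--deep`, that includes `entitlementsFile`, so the per-file signatures and the separate inherited entitlements applied by the earlier passes would be replaced by the app's own entitlements. Since the nested content is already signed individually above, I would sign the outer bundle without `--deep`: `"--timestamp", "--options", "runtime", "--force",`. If `--deep` is kept, a comment should state that the nested executables intentionally receive the same entitlements as the main app. The enclosing method continues past the end of this hunk.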
< prev index next >