< prev index next >
src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java
Print this page
@@ -367,11 +367,11 @@
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
signAppBundle(params, root, signingIdentity,
- BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null);
+ BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params));
}
restoreKeychainList(params);
}
}
@@ -735,18 +735,17 @@
IOUtils.exec(pb);
}
public static void signAppBundle(
Map<String, ? super Object> params, Path appLocation,
- String signingIdentity, String identifierPrefix,
- String entitlementsFile, String inheritedEntitlements)
+ String signingIdentity, String identifierPrefix)
throws IOException {
AtomicReference<IOException> toThrow = new AtomicReference<>();
String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
- // sign all dylibs and jars
+ // sign all dylibs and executables
try (Stream<Path> stream = Files.walk(appLocation)) {
stream.peek(path -> { // fix permissions
try {
Set<PosixFilePermission> pfp =
Files.getPosixFilePermissions(path);
@@ -756,16 +755,17 @@
Files.setPosixFilePermissions(path, pfp);
}
} catch (IOException e) {
Log.verbose(e);
}
- }).filter(p -> Files.isRegularFile(p)
- && !(p.toString().contains("/Contents/MacOS/libjli.dylib")
- || p.toString().endsWith(appExecutable)
+ }).filter(p -> Files.isRegularFile(p) &&
+ (Files.isExecutable(p) || p.toString().endsWith(".dylib"))
+ && !(p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
- || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
- //noinspection ThrowableResultOfMethodCallIgnored
+ || p.toString().contains("/Contents/Frameworks"))
+ ).forEach(p -> {
+ // noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
if (VERBOSE.fetchFrom(params)) {
@@ -776,28 +776,17 @@
if (p.toString().endsWith(LIBRARY_NAME)) {
if (isFileSigned(p)) {
return;
}
}
-
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
+ "--timestamp",
+ "--options", "runtime",
+ "-s", signingIdentity,
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
- if (entitlementsFile != null &&
- (p.toString().endsWith(".jar")
- || p.toString().endsWith(".dylib"))) {
- args.add("--entitlements");
- args.add(entitlementsFile); // entitlements
- } else if (inheritedEntitlements != null &&
- Files.isExecutable(p)) {
- args.add("--entitlements");
- args.add(inheritedEntitlements);
- // inherited entitlements for executable processes
- }
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(p.toString());
@@ -807,10 +796,11 @@
Files.getPosixFilePermissions(p);
File f = p.toFile();
f.setWritable(true, true);
ProcessBuilder pb = new ProcessBuilder(args);
+
IOUtils.exec(pb);
Files.setPosixFilePermissions(p, oldPermissions);
} catch (IOException ioe) {
toThrow.set(ioe);
@@ -829,36 +819,26 @@
if (toThrow.get() != null) return;
try {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
- "-f",
+ "--timestamp",
+ "--options", "runtime",
+ "--deep",
+ "--force",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
+
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
- IOUtils.exec(pb);
- args = new ArrayList<>();
- args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "--prefix", identifierPrefix,
- // use the identifier as a prefix
- "-vvvv"));
- if (keyChain != null && !keyChain.isEmpty()) {
- args.add("--keychain");
- args.add(keyChain);
- }
- args.add(path.toString()
- + "/Contents/_CodeSignature/CodeResources");
- pb = new ProcessBuilder(args);
IOUtils.exec(pb);
} catch (IOException e) {
toThrow.set(e);
}
};
@@ -884,24 +864,25 @@
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "-vvvv")); // super verbose output
- if (entitlementsFile != null) {
- args.add("--entitlements");
- args.add(entitlementsFile); // entitlements
- }
+ "--timestamp",
+ "--options", "runtime",
+ "--deep",
+ "--force",
+ "-s", signingIdentity,
+ "-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(appLocation.toString());
ProcessBuilder pb =
new ProcessBuilder(args.toArray(new String[args.size()]));
+
IOUtils.exec(pb);
}
private static boolean isFileSigned(Path file) {
ProcessBuilder pb =
< prev index next >