< prev index next >
src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java
Print this page
*** 366,383 ****
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
signAppBundle(params, root, signingIdentity,
! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null);
}
restoreKeychainList(params);
}
}
! private String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
}
--- 366,397 ----
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
+ prepareEntitlements(params);
signAppBundle(params, root, signingIdentity,
! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params),
! getConfig_Entitlements(params));
}
restoreKeychainList(params);
}
}
! static File getConfig_Entitlements(Map<String, ? super Object> params) {
! return new File(CONFIG_ROOT.fetchFrom(params),
! getLauncherName(params) + ".entitlements");
! }
!
! static void prepareEntitlements(Map<String, ? super Object> params)
! throws IOException {
! createResource("entitlements.plist", params)
! .setCategory(I18N.getString("resource.entitlements"))
! .saveToFile(getConfig_Entitlements(params));
! }
!
! private static String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
}
*** 733,752 ****
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
}
! public static void signAppBundle(
Map<String, ? super Object> params, Path appLocation,
! String signingIdentity, String identifierPrefix,
! String entitlementsFile, String inheritedEntitlements)
throws IOException {
AtomicReference<IOException> toThrow = new AtomicReference<>();
String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
! // sign all dylibs and jars
try (Stream<Path> stream = Files.walk(appLocation)) {
stream.peek(path -> { // fix permissions
try {
Set<PosixFilePermission> pfp =
Files.getPosixFilePermissions(path);
--- 747,765 ----
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
}
! static void signAppBundle(
Map<String, ? super Object> params, Path appLocation,
! String signingIdentity, String identifierPrefix, File entitlements)
throws IOException {
AtomicReference<IOException> toThrow = new AtomicReference<>();
String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
! // sign all dylibs and executables
try (Stream<Path> stream = Files.walk(appLocation)) {
stream.peek(path -> { // fix permissions
try {
Set<PosixFilePermission> pfp =
Files.getPosixFilePermissions(path);
*** 756,816 ****
Files.setPosixFilePermissions(path, pfp);
}
} catch (IOException e) {
Log.verbose(e);
}
! }).filter(p -> Files.isRegularFile(p)
! && !(p.toString().contains("/Contents/MacOS/libjli.dylib")
! || p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
! //noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
- if (VERBOSE.fetchFrom(params)) {
Log.verbose(MessageFormat.format(I18N.getString(
"message.ignoring.symlink"), p.toString()));
! }
} else {
- if (p.toString().endsWith(LIBRARY_NAME)) {
- if (isFileSigned(p)) {
- return;
- }
- }
-
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
- if (entitlementsFile != null &&
- (p.toString().endsWith(".jar")
- || p.toString().endsWith(".dylib"))) {
- args.add("--entitlements");
- args.add(entitlementsFile); // entitlements
- } else if (inheritedEntitlements != null &&
- Files.isExecutable(p)) {
- args.add("--entitlements");
- args.add(inheritedEntitlements);
- // inherited entitlements for executable processes
- }
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(p.toString());
try {
Set<PosixFilePermission> oldPermissions =
Files.getPosixFilePermissions(p);
File f = p.toFile();
f.setWritable(true, true);
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
Files.setPosixFilePermissions(p, oldPermissions);
} catch (IOException ioe) {
toThrow.set(ioe);
--- 769,825 ----
Files.setPosixFilePermissions(path, pfp);
}
} catch (IOException e) {
Log.verbose(e);
}
! }).filter(p -> Files.isRegularFile(p) &&
! (Files.isExecutable(p) || p.toString().endsWith(".dylib"))
! && !(p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))
! ).forEach(p -> {
! // noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
Log.verbose(MessageFormat.format(I18N.getString(
"message.ignoring.symlink"), p.toString()));
! } else if (isFileSigned(p)) {
! // executable or lib already signed
! Log.verbose(MessageFormat.format(I18N.getString(
! "message.already.signed"), p.toString()));
} else {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "-s", signingIdentity,
"--prefix", identifierPrefix,
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
+
+ if (Files.isExecutable(p)) {
+ if (entitlements != null) {
+ args.add("--entitlements");
+ args.add(entitlements.toString());
+ }
+ }
+
args.add(p.toString());
try {
Set<PosixFilePermission> oldPermissions =
Files.getPosixFilePermissions(p);
File f = p.toFile();
f.setWritable(true, true);
ProcessBuilder pb = new ProcessBuilder(args);
+
IOUtils.exec(pb);
Files.setPosixFilePermissions(p, oldPermissions);
} catch (IOException ioe) {
toThrow.set(ioe);
*** 829,864 ****
if (toThrow.get() != null) return;
try {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-f",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
- IOUtils.exec(pb);
- args = new ArrayList<>();
- args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "--prefix", identifierPrefix,
- // use the identifier as a prefix
- "-vvvv"));
- if (keyChain != null && !keyChain.isEmpty()) {
- args.add("--keychain");
- args.add(keyChain);
- }
- args.add(path.toString()
- + "/Contents/_CodeSignature/CodeResources");
- pb = new ProcessBuilder(args);
IOUtils.exec(pb);
} catch (IOException e) {
toThrow.set(e);
}
};
--- 838,863 ----
if (toThrow.get() != null) return;
try {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
+
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
} catch (IOException e) {
toThrow.set(e);
}
};
*** 884,907 ****
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
! "-vvvv")); // super verbose output
! if (entitlementsFile != null) {
! args.add("--entitlements");
! args.add(entitlementsFile); // entitlements
! }
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(appLocation.toString());
ProcessBuilder pb =
new ProcessBuilder(args.toArray(new String[args.size()]));
IOUtils.exec(pb);
}
private static boolean isFileSigned(Path file) {
ProcessBuilder pb =
--- 883,914 ----
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
! "-s", signingIdentity,
! "-vvvv"));
!
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
+
+ if (entitlements != null) {
+ args.add("--entitlements");
+ args.add(entitlements.toString());
+ }
+
args.add(appLocation.toString());
ProcessBuilder pb =
new ProcessBuilder(args.toArray(new String[args.size()]));
+
IOUtils.exec(pb);
}
private static boolean isFileSigned(Path file) {
ProcessBuilder pb =
< prev index next >