Skip to content

Commit

Permalink
8332110: [macos] jpackage tries to sign added files without the --mac…
Browse files Browse the repository at this point in the history
…-sign option

Reviewed-by: asemenyuk
  • Loading branch information
Alexander Matveev committed May 31, 2024
1 parent 8aeada1 commit 9fd0e73
Show file tree
Hide file tree
Showing 6 changed files with 39 additions and 14 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -75,6 +75,7 @@
import static jdk.jpackage.internal.StandardBundlerParam.ADD_LAUNCHERS;
import static jdk.jpackage.internal.StandardBundlerParam.SIGN_BUNDLE;
import static jdk.jpackage.internal.StandardBundlerParam.APP_STORE;
import static jdk.jpackage.internal.StandardBundlerParam.APP_CONTENT;
import static jdk.jpackage.internal.StandardBundlerParam.getPredefinedAppImage;
import static jdk.jpackage.internal.StandardBundlerParam.hasPredefinedAppImage;

Expand Down Expand Up @@ -733,20 +734,31 @@ private static List<String> getCodesignArgs(
return args;
}

private static void runCodesign(ProcessBuilder pb, boolean quiet)
throws IOException {
private static void runCodesign(
ProcessBuilder pb, boolean quiet, Map<String, ? super Object> params)
throws IOException {
try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(baos)) {
try {
IOUtils.exec(pb, false, ps, false,
Executor.INFINITE_TIMEOUT, quiet);
} catch (IOException ioe) {
// Log output of "codesign" in case of
// error. It should help user to diagnose
// issue when using --mac-app-image-sign-identity
// Log output of "codesign" in case of error. It should help
// user to diagnose issues when using --mac-app-image-sign-identity.
// In addition add possible reason for failure. For example
// "--app-content" can fail "codesign".

// APP_CONTENT is never null.
if (!APP_CONTENT.fetchFrom(params).isEmpty()) {
Log.info(I18N.getString(
"message.codesign.failed.reason.app.content"));
}

// Log "codesign" output
Log.info(MessageFormat.format(I18N.getString(
"error.tool.failed.with.output"), "codesign"));
Log.info(baos.toString().strip());

throw ioe;
}
}
Expand Down Expand Up @@ -818,7 +830,7 @@ static void signAppBundle(
p.toFile().setWritable(true, true);
ProcessBuilder pb = new ProcessBuilder(args);
// run quietly
runCodesign(pb, true);
runCodesign(pb, true, params);
Files.setPosixFilePermissions(p, oldPermissions);
} catch (IOException ioe) {
toThrow.set(ioe);
Expand Down Expand Up @@ -846,7 +858,7 @@ static void signAppBundle(
List<String> args = getCodesignArgs(true, path, signingIdentity,
identifierPrefix, entitlements, keyChain);
ProcessBuilder pb = new ProcessBuilder(args);
runCodesign(pb, false);
runCodesign(pb, false, params);
} catch (IOException e) {
toThrow.set(e);
}
Expand Down Expand Up @@ -877,7 +889,7 @@ static void signAppBundle(
List<String> args = getCodesignArgs(true, appLocation, signingIdentity,
identifierPrefix, entitlements, keyChain);
ProcessBuilder pb = new ProcessBuilder(args);
runCodesign(pb, false);
runCodesign(pb, false, params);
}

private static String extractBundleIdentifier(Map<String, Object> params) {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#
# Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -94,5 +94,6 @@ message.preparing-distribution-dist=Preparing distribution.dist: {0}.
message.signing.pkg=Warning: For signing PKG, you might need to set "Always Trust" for your certificate using "Keychain Access" tool.
message.setfile.dmg=Setting custom icon on DMG file skipped because 'SetFile' utility was not found. Installing Xcode with Command Line Tools should resolve this issue.
message.install-dir-ignored=Warning: "--install-dir" is not supported by DMG and will be default to /Applications.
message.codesign.failed.reason.app.content="codesign" failed and additional application content was supplied via the "--app-content" parameter. Probably the additional content broke the integrity of the application bundle and caused the failure. Ensure content supplied via the "--app-content" parameter does not break the integrity of the application bundle, or add it in the post-processing step.
warning.unsigned.app.image=Warning: Using unsigned app-image to build signed {0}.
warning.per.user.app.image.signed=Warning: Support for per-user configuration of the installed application will not be supported due to missing "{0}" in predefined signed application image.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#
# Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -94,5 +94,6 @@ message.preparing-distribution-dist=distribution.dist wird vorbereitet: {0}.
message.signing.pkg=Warnung: Zum Signieren von PKG müssen Sie möglicherweise mit dem Schlüsselbundverwaltungstool die Option "Immer vertrauen" für Ihr Zertifikat festlegen.
message.setfile.dmg=Das Festlegen des benutzerdefinierten Symbols für die DMG-Datei wurde übersprungen, weil das Utility "SetFile" nicht gefunden wurde. Durch Installieren von Xcode mit Befehlszeilentools sollte dieses Problem behoben werden.
message.install-dir-ignored=Warnung: "--install-dir" wird von DMG nicht unterstützt. Stattdessen wird standardmäßig /Applications verwendet.
message.codesign.failed.reason.app.content="codesign" failed and additional application content was supplied via the "--app-content" parameter. Probably the additional content broke the integrity of the application bundle and caused the failure. Ensure content supplied via the "--app-content" parameter does not break the integrity of the application bundle, or add it in the post-processing step.
warning.unsigned.app.image=Warnung: Nicht signiertes app-image wird zum Erstellen von signiertem {0} verwendet.
warning.per.user.app.image.signed=Warnung: Konfiguration der installierten Anwendung pro Benutzer wird nicht unterstützt, da "{0}" im vordefinierten signierten Anwendungsimage fehlt.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#
# Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -94,5 +94,6 @@ message.preparing-distribution-dist=distribution.distを準備しています: {
message.signing.pkg=警告: PKGへの署名の場合、「キーチェーン・アクセス」ツールを使用して証明書に「常に信頼する」を設定する必要があります。
message.setfile.dmg='SetFile'ユーティリティが見つからないため、DMGファイルでのカスタム・アイコンの設定がスキップされました。Xcodeとコマンド・ライン・ツールをインストールすると、この問題は解決されます。
message.install-dir-ignored=警告: "--install-dir"はDMGでサポートされていません。/Applicationsにデフォルト設定されます。
message.codesign.failed.reason.app.content="codesign" failed and additional application content was supplied via the "--app-content" parameter. Probably the additional content broke the integrity of the application bundle and caused the failure. Ensure content supplied via the "--app-content" parameter does not break the integrity of the application bundle, or add it in the post-processing step.
warning.unsigned.app.image=警告: 署名されていないapp-imageを使用して署名された{0}を作成します。
warning.per.user.app.image.signed=警告: 事前定義済の署名付きアプリケーション・イメージに"{0}"がないため、インストール済アプリケーションのユーザーごとの構成はサポートされません。
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#
# Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -94,5 +94,6 @@ message.preparing-distribution-dist=正在准备 distribution.dist: {0}。
message.signing.pkg=警告:要对 PKG 进行签名,可能需要使用“密钥链访问”工具为证书设置“始终信任”。
message.setfile.dmg=由于未找到 'SetFile' 实用程序,跳过了针对 DMG 文件设置定制图标的操作。安装带命令行工具的 Xcode 应能解决此问题。
message.install-dir-ignored=警告:"--install-dir" 不受 DMG 支持,将默认为 /Applications。
message.codesign.failed.reason.app.content="codesign" failed and additional application content was supplied via the "--app-content" parameter. Probably the additional content broke the integrity of the application bundle and caused the failure. Ensure content supplied via the "--app-content" parameter does not break the integrity of the application bundle, or add it in the post-processing step.
warning.unsigned.app.image=警告:使用未签名的 app-image 生成已签名的 {0}。
warning.per.user.app.image.signed=警告:由于预定义的已签名应用程序映像中缺少 "{0}",不支持对已安装应用程序的每用户配置提供支持。
11 changes: 10 additions & 1 deletion test/jdk/tools/jpackage/macosx/SigningOptionsTest.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2023, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -57,6 +57,9 @@ public final class SigningOptionsTest {
private final String expectedError;
private final JPackageCommand cmd;

private static final String TEST_DUKE = TKit.TEST_SRC_ROOT.resolve(
"apps/dukeplug.png").toString();

@Parameters
public static Collection input() {
return List.of(new Object[][]{
Expand Down Expand Up @@ -87,6 +90,12 @@ public static Collection input() {
"--mac-installer-sign-identity", "test-identity"},
new String[]{"--type"},
"Option [--mac-installer-sign-identity] is not valid with type"},
// --app-content and --type app-image
{"Hello",
new String[]{"--app-content", TEST_DUKE},
null,
"\"codesign\" failed and additional application content" +
" was supplied via the \"--app-content\" parameter."},
});
}

Expand Down

1 comment on commit 9fd0e73

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.