Skip to content
Permalink
Browse files
8257924: Use full path when running external executable from jpackage
Reviewed-by: herrick, asemenyuk
  • Loading branch information
Alexander Matveev committed Dec 10, 2020
1 parent 1ce2a36 commit eb1c8a15b6a64aa228e5dbb310bb54dbc4bf5543
Show file tree
Hide file tree
Showing 9 changed files with 22 additions and 21 deletions.
@@ -127,7 +127,7 @@ private static void doValidate(Map<String, ? super Object> params)

// Signing will not work without Xcode with command line developer tools
try {
ProcessBuilder pb = new ProcessBuilder("xcrun", "--help");
ProcessBuilder pb = new ProcessBuilder("/usr/bin/xcrun", "--help");
Process p = pb.start();
int code = p.waitFor();
if (code != 0) {
@@ -582,7 +582,7 @@ public static void addNewKeychain(Map<String, ? super Object> params)
});

List<String> args = new ArrayList<>();
args.add("security");
args.add("/usr/bin/security");
args.add("list-keychains");
args.add("-s");

@@ -607,7 +607,7 @@ public static void restoreKeychainList(Map<String, ? super Object> params)
}

List<String> args = new ArrayList<>();
args.add("security");
args.add("/usr/bin/security");
args.add("list-keychains");
args.add("-s");

@@ -658,7 +658,7 @@ static void signAppBundle(
"message.already.signed"), p.toString()));
} else {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
args.addAll(Arrays.asList("/usr/bin/codesign",
"--timestamp",
"--options", "runtime",
"-s", signingIdentity,
@@ -706,7 +706,7 @@ static void signAppBundle(

try {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
args.addAll(Arrays.asList("/usr/bin/codesign",
"--timestamp",
"--options", "runtime",
"--force",
@@ -751,7 +751,7 @@ static void signAppBundle(

// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
args.addAll(Arrays.asList("/usr/bin/codesign",
"--timestamp",
"--options", "runtime",
"--force",
@@ -778,7 +778,8 @@ static void signAppBundle(

private static boolean isFileSigned(Path file) {
ProcessBuilder pb =
new ProcessBuilder("codesign", "--verify", file.toString());
new ProcessBuilder("/usr/bin/codesign",
"--verify", file.toString());

try {
IOUtils.exec(pb);
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -152,7 +152,7 @@ public Path bundle(Map<String, ? super Object> params,
MAC_APP_STORE_PKG_SIGNING_KEY.fetchFrom(params);

List<String> buildOptions = new ArrayList<>();
buildOptions.add("productbuild");
buildOptions.add("/usr/bin/productbuild");
buildOptions.add("--component");
buildOptions.add(appLocation.toString());
buildOptions.add("/Applications");
@@ -164,7 +164,7 @@ public static String findKey(String keyPrefix, String teamName, String keychainN
try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(baos)) {
List<String> searchOptions = new ArrayList<>();
searchOptions.add("security");
searchOptions.add("/usr/bin/security");
searchOptions.add("find-certificate");
searchOptions.add("-c");
searchOptions.add(key);
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,7 +56,7 @@ private static Path findCertificate(String certificate) {
Path result = null;

List<String> args = new ArrayList<>();
args.add("security");
args.add("/usr/bin/security");
args.add("find-certificate");
args.add("-c");
args.add(certificate);
@@ -245,7 +245,7 @@ private String findSetFileUtility() {

// generic find attempt
try {
ProcessBuilder pb = new ProcessBuilder("xcrun", "-find", "SetFile");
ProcessBuilder pb = new ProcessBuilder("/usr/bin/xcrun", "-find", "SetFile");
Process p = pb.start();
InputStreamReader isr = new InputStreamReader(p.getInputStream());
BufferedReader br = new BufferedReader(isr);
@@ -387,7 +387,7 @@ private Path buildDMG( Map<String, ? super Object> params,
// to install-dir in DMG as critical error, since it can fail in
// headless enviroment.
try {
pb = new ProcessBuilder("osascript",
pb = new ProcessBuilder("/usr/bin/osascript",
getConfig_VolumeScript(params).toAbsolutePath().toString());
IOUtils.exec(pb, 180); // Wait 3 minutes. See JDK-8248248.
} catch (IOException ex) {
@@ -418,7 +418,7 @@ private Path createPKG(Map<String, ? super Object> params,

// Generate default CPL file
Path cpl = CONFIG_ROOT.fetchFrom(params).resolve("cpl.plist");
ProcessBuilder pb = new ProcessBuilder("pkgbuild",
ProcessBuilder pb = new ProcessBuilder("/usr/bin/pkgbuild",
"--root",
root,
"--install-location",
@@ -433,7 +433,7 @@ private Path createPKG(Map<String, ? super Object> params,
preparePackageScripts(params);

// build application package
pb = new ProcessBuilder("pkgbuild",
pb = new ProcessBuilder("/usr/bin/pkgbuild",
"--root",
root,
"--install-location",
@@ -454,7 +454,7 @@ private Path createPKG(Map<String, ? super Object> params,
Files.createDirectories(outdir);

List<String> commandLine = new ArrayList<>();
commandLine.add("productbuild");
commandLine.add("/usr/bin/productbuild");

commandLine.add("--resources");
commandLine.add(CONFIG_ROOT.fetchFrom(params).toAbsolutePath().toString());
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -51,7 +51,7 @@ private static void checkString(List<String> result, String lookupString) {
private static List<String> codesignResult(Path target, boolean signed) {
int exitCode = signed ? 0 : 1;
List<String> result = new Executor()
.setExecutable("codesign")
.setExecutable("/usr/bin/codesign")
.addArguments("--verify", "--deep", "--strict", "--verbose=2",
target.toString())
.saveOutput()
@@ -47,7 +47,7 @@ public static void checkCertificates() {

private static List<String> findCertificate(String name, String keyChain) {
List<String> result = new Executor()
.setExecutable("security")
.setExecutable("/usr/bin/security")
.addArguments("find-certificate", "-c", name, "-a", keyChain)
.executeAndGetOutput();

@@ -89,7 +89,7 @@ private static void validateCertificateTrust(String name) {
// will not be listed as trusted by dump-trust-settings
if (SigningBase.DEV_NAME.equals("jpackage.openjdk.java.net")) {
List<String> result = new Executor()
.setExecutable("security")
.setExecutable("/usr/bin/security")
.addArguments("dump-trust-settings")
.executeWithoutExitCodeCheckAndGetOutput();
result.stream().forEachOrdered(TKit::trace);

1 comment on commit eb1c8a1

@openjdk-notifier
Copy link

@openjdk-notifier openjdk-notifier bot commented on eb1c8a1 Dec 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.