
8298343: "Could not confirm if TargetJDK is hardened." warning for SA tests on macosx-aarch64-debug #11619

Closed
plummercj wants to merge 1 commit into openjdk:master from plummercj:8298343_sa_adhoc

Conversation

plummercj (Contributor) commented Dec 9, 2022

In the log for most SA tests on macos-aarch64-debug, you will see something like:

STDOUT: Executable=/System/Volumes/Data/mesos/work_dir/jib-master/install/2022-12-07-2219530.chris.plummer.jdk/macosx-aarch64-debug.jdk/jdk-20/fastdebug/bin/java
...
STDOUT: CodeDirectory v=20400 size=758 flags=0x2(adhoc) hashes=13+7 location=embedded
STDOUT: Signature=adhoc
...
Could not confirm if TargetJDK is hardened. Assuming not hardened.

The message at the end shouldn't be happening. The problem is in Platform.isHardenedOSX(), which is searching for "flags=0x20002(adhoc,linker-signed)", but instead we are seeing "flags=0x2(adhoc)". This is due to JDK-8293550, which is now explicitly adding adhoc signing. Previously we just allowed the linker to just do the default adhoc signing, which is why you would also see the "linker-signed" flag. Since we explicitly do adhoc signing now, "linker-signed" is missing.

The fix is to just allow either form. Since it is possible to build without the explicit adhoc signing, we still need to support the old form that includes "linker-signed".

There seem to be no adverse effects from this bug, other than seeing the above message, since the conclusion that the JDK is not hardened is the correct one.


Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8298343: "Could not confirm if TargetJDK is hardened." warning for SA tests on macosx-aarch64-debug

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/11619/head:pull/11619
$ git checkout pull/11619

Update a local copy of the PR:
$ git checkout pull/11619
$ git pull https://git.openjdk.org/jdk pull/11619/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 11619

View PR using the GUI difftool:
$ git pr show -t 11619

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/11619.diff
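
An added example, not the code of Platform.isHardenedOSX() or of this PR: rather than matching exact flag strings, it decodes the `flags=0x...` value from codesign-style output and tests the hardened-runtime bit, so both forms quoted in the description classify the same way. The class name, the constructed sample lines, and the bit constants (as defined in XNU's cs_blobs.h) are assumptions that do not appear on this page.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CodesignFlags {
    // Code-signing flag bits as defined in XNU's cs_blobs.h (assumption: not on the page).
    static final long CS_ADHOC         = 0x00000002L;
    static final long CS_RUNTIME       = 0x00010000L; // hardened runtime
    static final long CS_LINKER_SIGNED = 0x00020000L;

    // Matches the "flags=0x2(" token on the CodeDirectory line.
    private static final Pattern FLAGS =
        Pattern.compile("\\bflags=0x([0-9a-fA-F]+)\\(");

    enum Verdict { HARDENED, NOT_HARDENED, UNKNOWN }

    /** Classify lines of codesign-style output by the numeric flags value. */
    static Verdict classify(List<String> lines) {
        for (String line : lines) {
            Matcher m = FLAGS.matcher(line);
            if (m.find()) {
                long flags = Long.parseLong(m.group(1), 16);
                // Only CS_RUNTIME decides the verdict; CS_ADHOC and
                // CS_LINKER_SIGNED may be set or clear without affecting it.
                return (flags & CS_RUNTIME) != 0
                    ? Verdict.HARDENED : Verdict.NOT_HARDENED;
            }
        }
        return Verdict.UNKNOWN; // no flags token found: caller decides what to assume
    }

    public static void main(String[] args) {
        // Constructed samples; the first two flag strings are the ones quoted in the PR.
        List<List<String>> samples = List.of(
            List.of("Executable=/path/to/bin/java",
                    "CodeDirectory v=20400 size=758 flags=0x2(adhoc) hashes=13+7 location=embedded",
                    "Signature=adhoc"),
            List.of("CodeDirectory v=20400 size=758 flags=0x20002(adhoc,linker-signed) hashes=13+7 location=embedded"),
            List.of("CodeDirectory v=20500 size=758 flags=0x10000(runtime) hashes=13+7 location=embedded"),
            List.of("Executable=/path/to/bin/java"));
        for (List<String> sample : samples) {
            System.out.println(classify(sample) + "  <- " + sample.get(sample.size() - 1));
        }
    }
}
```

Because the verdict depends only on the decoded bitmask, a change in which signing flags accompany an ad hoc signature does not push the check into the "could not confirm" path.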

@plummercj (Contributor Author)

/label serviceability

bridgekeeper bot commented Dec 9, 2022

👋 Welcome back cjplummer! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

openjdk bot changed the title from "8298343" to "8298343: "Could not confirm if TargetJDK is hardened." warning for SA tests on macosx-aarch64-debug" Dec 9, 2022
openjdk bot added the rfr (Pull request is ready for review) and serviceability (serviceability-dev@openjdk.org) labels Dec 9, 2022

openjdk bot commented Dec 9, 2022

@plummercj
The serviceability label was successfully added.

mlbridge bot commented Dec 9, 2022

Webrevs

openjdk bot commented Dec 9, 2022

@plummercj This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8298343: "Could not confirm if TargetJDK is hardened." warning for SA tests on macosx-aarch64-debug

Reviewed-by: amenkov, kevinw

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 4 new commits pushed to the master branch:

  • d646e32: 8298090: Use String.join() instead of manual loop in DescriptorSupport.toString
  • a37de62: 8298126: Print statistics for objects in CDS archive heap
  • 8ea2a67: 8292265: Add old gen used field at G1HeapSummary JFR event
  • 478ef38: 8296812: sprintf is deprecated in Xcode 14

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

openjdk bot added the ready (Pull request is ready to be integrated) label Dec 9, 2022

plummercj (Contributor Author) commented Dec 12, 2022

Thank you Alex and Serguei.

/integrate

openjdk bot commented Dec 12, 2022

@plummercj Unknown command intergrate - for a list of valid commands use /help.

@plummercj (Contributor Author)

/integrate

openjdk bot commented Dec 12, 2022

Going to push as commit 781a2e0.
Since your change was applied there have been 10 commits pushed to the master branch:

  • 9ff85f6: 8298589: java/net/SctpSanity.java fail with NoClassDefFoundError: sun/nio/ch/sctp/UnsupportedUtil
  • 81f57d5: 8298567: Make field in RandomAccessFile final
  • 56c438b: 8297822: De-duplicate code in module jdk.sctp
  • fabda24: 8296389: C2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors
  • 6c23b4f: 8298480: Remove unused KlassRemSet
  • 8e5c331: 8298471: Parallel: Don't keep alive nmethods in Young GC
  • d646e32: 8298090: Use String.join() instead of manual loop in DescriptorSupport.toString
  • a37de62: 8298126: Print statistics for objects in CDS archive heap
  • 8ea2a67: 8292265: Add old gen used field at G1HeapSummary JFR event
  • 478ef38: 8296812: sprintf is deprecated in Xcode 14

Your commit was automatically rebased without conflicts.

openjdk bot added the integrated (Pull request has been integrated) label Dec 12, 2022
openjdk bot closed this Dec 12, 2022
openjdk bot removed the ready (Pull request is ready to be integrated) and rfr (Pull request is ready for review) labels Dec 12, 2022

openjdk bot commented Dec 12, 2022

@plummercj Pushed as commit 781a2e0.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Labels

  • integrated: Pull request has been integrated
  • serviceability: serviceability-dev@openjdk.org
