Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files
8271868: Warn user when using mac-sign option with unsigned app-image.
Reviewed-by: asemenyuk
  • Loading branch information
Andy Herrick committed Sep 9, 2021
1 parent dfacda4 commit a37254c79fa5973465d90f4b52ab88fe68016c9f
@@ -35,6 +35,7 @@
import static jdk.jpackage.internal.StandardBundlerParam.MAIN_CLASS;
import static jdk.jpackage.internal.StandardBundlerParam.VERBOSE;
import static jdk.jpackage.internal.StandardBundlerParam.VERSION;
import static jdk.jpackage.internal.StandardBundlerParam.SIGN_BUNDLE;

public class MacAppBundler extends AppImageBundler {
public MacAppBundler() {
@@ -125,7 +126,7 @@ private static void doValidate(Map<String, ? super Object> params)
}

// reject explicitly set sign to true and no valid signature key
if (Optional.ofNullable(MacAppImageBuilder.
if (Optional.ofNullable(
SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.FALSE)) {
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -66,6 +66,7 @@
import static jdk.jpackage.internal.StandardBundlerParam.PREDEFINED_APP_IMAGE;
import static jdk.jpackage.internal.StandardBundlerParam.VERSION;
import static jdk.jpackage.internal.StandardBundlerParam.ADD_LAUNCHERS;
import static jdk.jpackage.internal.StandardBundlerParam.SIGN_BUNDLE;

public class MacAppImageBuilder extends AbstractAppImageBuilder {

@@ -143,16 +144,6 @@
},
(s, p) -> Path.of(s));

public static final StandardBundlerParam<Boolean> SIGN_BUNDLE =
new StandardBundlerParam<>(
Arguments.CLIOptions.MAC_SIGN.getId(),
Boolean.class,
params -> false,
// valueOf(null) is false, we actually do want null in some cases
(s, p) -> (s == null || "null".equalsIgnoreCase(s)) ?
null : Boolean.valueOf(s)
);

public static final StandardBundlerParam<Boolean> APP_STORE =
new StandardBundlerParam<>(
Arguments.CLIOptions.MAC_APP_STORE.getId(),
@@ -863,5 +854,4 @@ private static String extractBundleIdentifier(Map<String, Object> params) {

return null;
}

}
@@ -34,13 +34,15 @@
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static jdk.jpackage.internal.StandardBundlerParam.APP_NAME;
import static jdk.jpackage.internal.StandardBundlerParam.INSTALLER_NAME;
import static jdk.jpackage.internal.StandardBundlerParam.INSTALL_DIR;
import static jdk.jpackage.internal.StandardBundlerParam.PREDEFINED_APP_IMAGE;
import static jdk.jpackage.internal.StandardBundlerParam.VERSION;
import static jdk.jpackage.internal.StandardBundlerParam.SIGN_BUNDLE;

public abstract class MacBaseInstallerBundler extends AbstractBundler {

@@ -134,6 +136,20 @@ protected void validateAppImageAndBundeler(
I18N.getString(
"message.app-image-requires-app-name.advice"));
}
if (Optional.ofNullable(
SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.FALSE)) {
// if signing bundle with app-image, warn user if app-image
// is not allready signed.
try {
if (!(AppImageFile.load(applicationImage).isSigned())) {
Log.info(MessageFormat.format(I18N.getString(
"warning.unsigned.app.image"), getID()));
}
} catch (IOException ioe) {
// Ignore - In case of a forign or tampered with app-image,
// user is notified of this when the name is extracted.
}
}
} else {
appImageBundler.validate(params);
}
@@ -46,6 +46,7 @@
import static jdk.jpackage.internal.StandardBundlerParam.APP_NAME;
import static jdk.jpackage.internal.StandardBundlerParam.LICENSE_FILE;
import static jdk.jpackage.internal.StandardBundlerParam.VERSION;
import static jdk.jpackage.internal.StandardBundlerParam.SIGN_BUNDLE;
import static jdk.jpackage.internal.MacBaseInstallerBundler.SIGNING_KEYCHAIN;
import static jdk.jpackage.internal.MacBaseInstallerBundler.SIGNING_KEY_USER;
import static jdk.jpackage.internal.MacAppImageBuilder.APP_STORE;
@@ -499,7 +500,7 @@ private Path createPKG(Map<String, ? super Object> params,
commandLine.add(CONFIG_ROOT.fetchFrom(params).toAbsolutePath().toString());

// maybe sign
if (Optional.ofNullable(MacAppImageBuilder.
if (Optional.ofNullable(
SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.TRUE)) {
if (Platform.getMajorVersion() > 10 ||
(Platform.getMajorVersion() == 10 &&
@@ -603,7 +604,7 @@ public boolean validate(Map<String, ? super Object> params)
}

// reject explicitly set sign to true and no valid signature key
if (Optional.ofNullable(MacAppImageBuilder.
if (Optional.ofNullable(
SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.FALSE)) {
String signingIdentity =
DEVELOPER_ID_INSTALLER_SIGNING_KEY.fetchFrom(params);
@@ -1,5 +1,5 @@
#
# Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -88,3 +88,4 @@ message.preparing-distribution-dist=Preparing distribution.dist: {0}.
message.signing.pkg=Warning: For signing PKG, you might need to set "Always Trust" for your certificate using "Keychain Access" tool.
message.setfile.dmg=Setting custom icon on DMG file skipped because 'SetFile' utility was not found. Installing Xcode with Command Line Tools should resolve this issue.
message.install-dir-ignored=Warning: "--install-dir" is not supported by DMG and will be default to /Applications.
warning.unsigned.app.image=Warning: Using unsigned app-image to build signed {0}.
@@ -87,3 +87,4 @@ message.preparing-distribution-dist=distribution.dist\u3092\u6E96\u5099\u3057\u3
message.signing.pkg=\u8B66\u544A: PKG\u3078\u306E\u7F72\u540D\u306E\u5834\u5408\u3001\u300C\u30AD\u30FC\u30C1\u30A7\u30FC\u30F3\u30FB\u30A2\u30AF\u30BB\u30B9\u300D\u30C4\u30FC\u30EB\u3092\u4F7F\u7528\u3057\u3066\u8A3C\u660E\u66F8\u306B\u300C\u5E38\u306B\u4FE1\u983C\u3059\u308B\u300D\u3092\u8A2D\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002
message.setfile.dmg='SetFile'\u30E6\u30FC\u30C6\u30A3\u30EA\u30C6\u30A3\u304C\u898B\u3064\u304B\u3089\u306A\u3044\u305F\u3081\u3001DMG\u30D5\u30A1\u30A4\u30EB\u3067\u306E\u30AB\u30B9\u30BF\u30E0\u30FB\u30A2\u30A4\u30B3\u30F3\u306E\u8A2D\u5B9A\u304C\u30B9\u30AD\u30C3\u30D7\u3055\u308C\u307E\u3057\u305F\u3002Xcode\u3068\u30B3\u30DE\u30F3\u30C9\u30FB\u30E9\u30A4\u30F3\u30FB\u30C4\u30FC\u30EB\u3092\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u3059\u308B\u3068\u3001\u3053\u306E\u554F\u984C\u306F\u89E3\u6C7A\u3055\u308C\u307E\u3059\u3002
message.install-dir-ignored=Warning: "--install-dir" is not supported by DMG and will be default to /Applications.
warning.unsigned.app.image=Warning: Using unsigned app-image to build signed {0}.
@@ -87,3 +87,4 @@ message.preparing-distribution-dist=\u6B63\u5728\u51C6\u5907 distribution.dist:
message.signing.pkg=\u8B66\u544A\uFF1A\u8981\u5BF9 PKG \u8FDB\u884C\u7B7E\u540D\uFF0C\u53EF\u80FD\u9700\u8981\u4F7F\u7528\u201C\u5BC6\u94A5\u94FE\u8BBF\u95EE\u201D\u5DE5\u5177\u4E3A\u8BC1\u4E66\u8BBE\u7F6E\u201C\u59CB\u7EC8\u4FE1\u4EFB\u201D\u3002
message.setfile.dmg=\u7531\u4E8E\u672A\u627E\u5230 'SetFile' \u5B9E\u7528\u7A0B\u5E8F\uFF0C\u8DF3\u8FC7\u4E86\u9488\u5BF9 DMG \u6587\u4EF6\u8BBE\u7F6E\u5B9A\u5236\u56FE\u6807\u7684\u64CD\u4F5C\u3002\u5B89\u88C5\u5E26\u547D\u4EE4\u884C\u5DE5\u5177\u7684 Xcode \u5E94\u80FD\u89E3\u51B3\u6B64\u95EE\u9898\u3002
message.install-dir-ignored=Warning: "--install-dir" is not supported by DMG and will be default to /Applications.
warning.unsigned.app.image=Warning: Using unsigned app-image to build signed {0}.
@@ -46,6 +46,7 @@
import static jdk.jpackage.internal.StandardBundlerParam.VERSION;
import static jdk.jpackage.internal.StandardBundlerParam.ADD_LAUNCHERS;
import static jdk.jpackage.internal.StandardBundlerParam.APP_NAME;
import static jdk.jpackage.internal.StandardBundlerParam.SIGN_BUNDLE;

public class AppImageFile {

@@ -54,6 +55,7 @@
private final String creatorPlatform;
private final String launcherName;
private final List<String> addLauncherNames;
private final boolean signed;

private static final String FILENAME = ".jpackage.xml";

@@ -63,15 +65,16 @@


private AppImageFile() {
this(null, null, null, null);
this(null, null, null, null, null);
}

private AppImageFile(String launcherName, List<String> addLauncherNames,
String creatorVersion, String creatorPlatform) {
String creatorVersion, String creatorPlatform, String signedStr) {
this.launcherName = launcherName;
this.addLauncherNames = addLauncherNames;
this.creatorVersion = creatorVersion;
this.creatorPlatform = creatorPlatform;
this.signed = "true".equals(signedStr);
}

/**
@@ -90,6 +93,10 @@ String getLauncherName() {
return launcherName;
}

boolean isSigned() {
return signed;
}

void verifyCompatible() throws ConfigException {
// Just do nothing for now.
}
@@ -125,6 +132,10 @@ static void save(Path appImageDir, Map<String, Object> params)
xml.writeCharacters(APP_NAME.fetchFrom(params));
xml.writeEndElement();

xml.writeStartElement("signed");
xml.writeCharacters(SIGN_BUNDLE.fetchFrom(params).toString());
xml.writeEndElement();

List<Map<String, ? super Object>> addLaunchers =
ADD_LAUNCHERS.fetchFrom(params);

@@ -164,6 +175,9 @@ static AppImageFile load(Path appImageDir) throws IOException {
String version = xpathQueryNullable(xPath,
"/jpackage-state/@version", doc);

String signedStr = xpathQueryNullable(xPath,
"/jpackage-state/@signed", doc);

NodeList launcherNameNodes = (NodeList) xPath.evaluate(
"/jpackage-state/add-launcher/text()", doc,
XPathConstants.NODESET);
@@ -173,7 +187,7 @@ static AppImageFile load(Path appImageDir) throws IOException {
}

AppImageFile file = new AppImageFile(
mainLauncher, addLaunchers, version, platform);
mainLauncher, addLaunchers, version, platform, signedStr);
if (!file.isValid()) {
file = new AppImageFile();
}
@@ -467,6 +467,16 @@ private static Path findPathOfModule( List<Path> modulePath, String moduleName)
(s, p) -> new LinkedHashSet<>(Arrays.asList(s.split(",")))
);

static final StandardBundlerParam<Boolean> SIGN_BUNDLE =
new StandardBundlerParam<>(
Arguments.CLIOptions.MAC_SIGN.getId(),
Boolean.class,
params -> false,
(s, p) -> (s == null || "null".equalsIgnoreCase(s)) ?
null : Boolean.valueOf(s)
);


static boolean isRuntimeInstaller(Map<String, ? super Object> params) {
if (params.containsKey(MODULE.getID()) ||
params.containsKey(MAIN_JAR.getID()) ||

1 comment on commit a37254c

@openjdk-notifier

This comment has been minimized.

Copy link

@openjdk-notifier openjdk-notifier bot commented on a37254c Sep 9, 2021

Please sign in to comment.