< prev index next >

modules/jdk.packager/src/main/java/jdk/packager/builders/mac/MacAppImageBuilder.java

Print this page 







 724         w.close();
 725     }
 726 
 727     private void writePkgInfo(File file) throws IOException {
 728         //hardcoded as it does not seem we need to change it ever
 729         String signature = "????";
 730 
 731         try (Writer out = new BufferedWriter(new FileWriter(file))) {
 732             out.write(OS_TYPE_CODE + signature);
 733             out.flush();
 734         }
 735     }
 736 
 737     public static void signAppBundle(Map<String, ? super Object> params, Path appLocation, String signingIdentity, String identifierPrefix, String entitlementsFile, String inheritedEntitlements) throws IOException {
 738         AtomicReference<IOException> toThrow = new AtomicReference<>();
 739         String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
 740         String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
 741 
 742         // sign all dylibs and jars
 743         Files.walk(appLocation)
 744                 // while we are searching let's fix permissions
 745                 .peek(path -> {
 746                     try {
 747                         Set<PosixFilePermission> pfp = Files.getPosixFilePermissions(path);
 748                         if (!pfp.contains(PosixFilePermission.OWNER_WRITE)) {
 749                             pfp = EnumSet.copyOf(pfp);
 750                             pfp.add(PosixFilePermission.OWNER_WRITE);
 751                             Files.setPosixFilePermissions(path, pfp);
 752                         }
 753                     } catch (IOException e) {
 754                         Log.debug(e);
 755                     }
 756                 })
 757                 .filter(p -> Files.isRegularFile(p) &&
 758                                 !(p.toString().contains("/Contents/MacOS/libjli.dylib")
 759                                         || p.toString().contains("/Contents/MacOS/JavaAppletPlugin")
 760                                         || p.toString().endsWith(appExecutable))
 761                 ).forEach(p -> {
 762             //noinspection ThrowableResultOfMethodCallIgnored
 763             if (toThrow.get() != null) return;
 764 


 765             List<String> args = new ArrayList<>();
 766             args.addAll(Arrays.asList("codesign",
 767                     "-s", signingIdentity, // sign with this key
 768                     "--prefix", identifierPrefix, // use the identifier as a prefix
 769                     "-vvvv"));
 770             if (entitlementsFile != null &&
 771                     (p.toString().endsWith(".jar")
 772                             || p.toString().endsWith(".dylib"))) {
 773                 args.add("--entitlements");
 774                 args.add(entitlementsFile); // entitlements
 775             } else if (inheritedEntitlements != null && Files.isExecutable(p)) {
 776                 args.add("--entitlements");
 777                 args.add(inheritedEntitlements); // inherited entitlements for executable processes
 778             }
 779             if (keyChain != null && !keyChain.isEmpty()) {
 780                 args.add("--keychain");
 781                 args.add(keyChain);
 782             }
 783             args.add(p.toString());
 784 
 785             try {
 786                 Set<PosixFilePermission> oldPermissions = Files.getPosixFilePermissions(p);
 787                 File f = p.toFile();
 788                 f.setWritable(true, true);
 789 
 790                 ProcessBuilder pb = new ProcessBuilder(args);
 791                 IOUtils.exec(pb, VERBOSE.fetchFrom(params));
 792 
 793                 Files.setPosixFilePermissions(p, oldPermissions);
 794             } catch (IOException ioe) {
 795                 toThrow.set(ioe);
 796             }

 797         });
 798 
 799         IOException ioe = toThrow.get();
 800         if (ioe != null) {
 801             throw ioe;
 802         }
 803 
 804         // sign all plugins and frameworks
 805         Consumer<? super Path> signIdentifiedByPList = path -> {
 806             //noinspection ThrowableResultOfMethodCallIgnored
 807             if (toThrow.get() != null) return;
 808 
 809             try {
 810                 List<String> args = new ArrayList<>();
 811                 args.addAll(Arrays.asList("codesign",
 812                         "-s", signingIdentity, // sign with this key
 813                         "--prefix", identifierPrefix, // use the identifier as a prefix
 814                         "-vvvv"));
 815                 if (keyChain != null && !keyChain.isEmpty()) {
 816                     args.add("--keychain");






 724         w.close();
 725     }
 726 
 727     private void writePkgInfo(File file) throws IOException {
 728         //hardcoded as it does not seem we need to change it ever
 729         String signature = "????";
 730 
 731         try (Writer out = new BufferedWriter(new FileWriter(file))) {
 732             out.write(OS_TYPE_CODE + signature);
 733             out.flush();
 734         }
 735     }
 736 
 737     public static void signAppBundle(Map<String, ? super Object> params, Path appLocation, String signingIdentity, String identifierPrefix, String entitlementsFile, String inheritedEntitlements) throws IOException {
 738         AtomicReference<IOException> toThrow = new AtomicReference<>();
 739         String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
 740         String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
 741 
 742         // sign all dylibs and jars
 743         Files.walk(appLocation)
 744                 // fix permissions
 745                 .peek(path -> {
 746                     try {
 747                         Set<PosixFilePermission> pfp = Files.getPosixFilePermissions(path);
 748                         if (!pfp.contains(PosixFilePermission.OWNER_WRITE)) {
 749                             pfp = EnumSet.copyOf(pfp);
 750                             pfp.add(PosixFilePermission.OWNER_WRITE);
 751                             Files.setPosixFilePermissions(path, pfp);
 752                         }
 753                     } catch (IOException e) {
 754                         Log.debug(e);
 755                     }
 756                 })
 757                 .filter(p -> Files.isRegularFile(p) &&
 758                                 !(p.toString().contains("/Contents/MacOS/libjli.dylib")
 759                                         || p.toString().contains("/Contents/MacOS/JavaAppletPlugin")
 760                                         || p.toString().endsWith(appExecutable))
 761                 ).forEach(p -> {
 762             //noinspection ThrowableResultOfMethodCallIgnored
 763             if (toThrow.get() != null) return;
 764 
 765             // If p is a symlink then skip the signing process.
 766             if (!Files.isSymbolicLink(p)) {
 767                 List<String> args = new ArrayList<>();
 768                 args.addAll(Arrays.asList("codesign",
 769                         "-s", signingIdentity, // sign with this key
 770                         "--prefix", identifierPrefix, // use the identifier as a prefix
 771                         "-vvvv"));
 772                 if (entitlementsFile != null &&
 773                         (p.toString().endsWith(".jar")
 774                                 || p.toString().endsWith(".dylib"))) {
 775                     args.add("--entitlements");
 776                     args.add(entitlementsFile); // entitlements
 777                 } else if (inheritedEntitlements != null && Files.isExecutable(p)) {
 778                     args.add("--entitlements");
 779                     args.add(inheritedEntitlements); // inherited entitlements for executable processes
 780                 }
 781                 if (keyChain != null && !keyChain.isEmpty()) {
 782                     args.add("--keychain");
 783                     args.add(keyChain);
 784                 }
 785                 args.add(p.toString());
 786 
 787                 try {
 788                     Set<PosixFilePermission> oldPermissions = Files.getPosixFilePermissions(p);
 789                     File f = p.toFile();
 790                     f.setWritable(true, true);
 791 
 792                     ProcessBuilder pb = new ProcessBuilder(args);
 793                     IOUtils.exec(pb, VERBOSE.fetchFrom(params));
 794 
 795                     Files.setPosixFilePermissions(p, oldPermissions);
 796                 } catch (IOException ioe) {
 797                     toThrow.set(ioe);
 798                 }
 799             }
 800         });
 801 
 802         IOException ioe = toThrow.get();
 803         if (ioe != null) {
 804             throw ioe;
 805         }
 806 
 807         // sign all plugins and frameworks
 808         Consumer<? super Path> signIdentifiedByPList = path -> {
 809             //noinspection ThrowableResultOfMethodCallIgnored
 810             if (toThrow.get() != null) return;
 811 
 812             try {
 813                 List<String> args = new ArrayList<>();
 814                 args.addAll(Arrays.asList("codesign",
 815                         "-s", signingIdentity, // sign with this key
 816                         "--prefix", identifierPrefix, // use the identifier as a prefix
 817                         "-vvvv"));
 818                 if (keyChain != null && !keyChain.isEmpty()) {
 819                     args.add("--keychain");







< prev index next >