< prev index next >
src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java
Print this page
*** 366,382 ****
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
signAppBundle(params, root, signingIdentity,
! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null);
}
restoreKeychainList(params);
}
}
private String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
--- 366,409 ----
Log.error(e.getMessage());
}
String signingIdentity =
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
if (signingIdentity != null) {
+ prepareEntitlements(params);
signAppBundle(params, root, signingIdentity,
! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params),
! getConfig_Entitlements(params).toString(),
! getConfig_Inherit_Entitlements(params).toString());
}
restoreKeychainList(params);
}
}
+ private File getConfig_Entitlements(Map<String, ? super Object> params) {
+ return new File(CONFIG_ROOT.fetchFrom(params),
+ getLauncherName(params) + ".entitlements");
+ }
+
+ private File getConfig_Inherit_Entitlements(
+ Map<String, ? super Object> params) {
+ return new File(CONFIG_ROOT.fetchFrom(params),
+ getLauncherName(params) + "_Inherit.entitlements");
+ }
+
+ private void prepareEntitlements(Map<String, ? super Object> params)
+ throws IOException {
+ createResource("Mac.entitlements", params)
+ .setCategory(I18N.getString("resource.mac-entitlements"))
+ .saveToFile(getConfig_Entitlements(params));
+
+ createResource("Mac_Inherit.entitlements", params)
+ .setCategory(I18N.getString(
+ "resource.mac-inherit-entitlements"))
+ .saveToFile(getConfig_Inherit_Entitlements(params));
+ }
+
+
private String getLauncherName(Map<String, ? super Object> params) {
if (APP_NAME.fetchFrom(params) != null) {
return APP_NAME.fetchFrom(params);
} else {
return MAIN_CLASS.fetchFrom(params);
*** 757,771 ****
}
} catch (IOException e) {
Log.verbose(e);
}
}).filter(p -> Files.isRegularFile(p)
! && !(p.toString().contains("/Contents/MacOS/libjli.dylib")
! || p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
! //noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
if (VERBOSE.fetchFrom(params)) {
--- 784,798 ----
}
} catch (IOException e) {
Log.verbose(e);
}
}).filter(p -> Files.isRegularFile(p)
! && !(p.toString().endsWith(appExecutable)
|| p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))
! ).forEach(p -> {
! // noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
if (VERBOSE.fetchFrom(params)) {
*** 776,802 ****
if (p.toString().endsWith(LIBRARY_NAME)) {
if (isFileSigned(p)) {
return;
}
}
-
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
! if (entitlementsFile != null &&
! (p.toString().endsWith(".jar")
|| p.toString().endsWith(".dylib"))) {
! args.add("--entitlements");
! args.add(entitlementsFile); // entitlements
! } else if (inheritedEntitlements != null &&
! Files.isExecutable(p)) {
args.add("--entitlements");
args.add(inheritedEntitlements);
! // inherited entitlements for executable processes
}
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
--- 803,827 ----
if (p.toString().endsWith(LIBRARY_NAME)) {
if (isFileSigned(p)) {
return;
}
}
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "-s", signingIdentity,
"--prefix", identifierPrefix,
"-vvvv"));
! if ((p.toString().endsWith(".jar")
|| p.toString().endsWith(".dylib"))) {
! // code used to add entitlements to these here
! } else if (Files.isExecutable(p)) {
! if (inheritedEntitlements != null) {
args.add("--entitlements");
args.add(inheritedEntitlements);
! }
}
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
*** 807,816 ****
--- 832,842 ----
Files.getPosixFilePermissions(p);
File f = p.toFile();
f.setWritable(true, true);
ProcessBuilder pb = new ProcessBuilder(args);
+ Log.info(" codesign 1 - " + p.toString());
IOUtils.exec(pb);
Files.setPosixFilePermissions(p, oldPermissions);
} catch (IOException ioe) {
toThrow.set(ioe);
*** 829,864 ****
if (toThrow.get() != null) return;
try {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-f",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
IOUtils.exec(pb);
args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
- // use the identifier as a prefix
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString()
+ "/Contents/_CodeSignature/CodeResources");
pb = new ProcessBuilder(args);
IOUtils.exec(pb);
} catch (IOException e) {
toThrow.set(e);
}
};
--- 855,900 ----
if (toThrow.get() != null) return;
try {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
"-vvvv"));
+
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString());
ProcessBuilder pb = new ProcessBuilder(args);
+ Log.info(" codesign 2 - " + path.toString());
IOUtils.exec(pb);
+
args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
! "-s", signingIdentity,
"--prefix", identifierPrefix,
"-vvvv"));
if (keyChain != null && !keyChain.isEmpty()) {
args.add("--keychain");
args.add(keyChain);
}
args.add(path.toString()
+ "/Contents/_CodeSignature/CodeResources");
pb = new ProcessBuilder(args);
+ Log.info(" codesign 3 - " + path.toString() + "/Contents/_CodeSignature/CodeResources");
IOUtils.exec(pb);
} catch (IOException e) {
toThrow.set(e);
}
};
*** 884,895 ****
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
! "-vvvv")); // super verbose output
if (entitlementsFile != null) {
args.add("--entitlements");
args.add(entitlementsFile); // entitlements
}
if (keyChain != null && !keyChain.isEmpty()) {
--- 920,935 ----
}
// sign the app itself
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
! "--timestamp",
! "--options", "runtime",
! "--deep",
! "--force",
! "-s", signingIdentity,
! "-vvvv"));
if (entitlementsFile != null) {
args.add("--entitlements");
args.add(entitlementsFile); // entitlements
}
if (keyChain != null && !keyChain.isEmpty()) {
*** 898,907 ****
--- 938,949 ----
}
args.add(appLocation.toString());
ProcessBuilder pb =
new ProcessBuilder(args.toArray(new String[args.size()]));
+
+ Log.info(" codesign 4 - " + appLocation.toString());
IOUtils.exec(pb);
}
private static boolean isFileSigned(Path file) {
ProcessBuilder pb =
< prev index next >