< prev index next >

src/jdk.incubator.jpackage/macosx/classes/jdk/incubator/jpackage/internal/MacAppImageBuilder.java

Print this page

        

*** 366,383 **** Log.error(e.getMessage()); } String signingIdentity = DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params); if (signingIdentity != null) { signAppBundle(params, root, signingIdentity, ! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null); } restoreKeychainList(params); } } ! private String getLauncherName(Map<String, ? super Object> params) { if (APP_NAME.fetchFrom(params) != null) { return APP_NAME.fetchFrom(params); } else { return MAIN_CLASS.fetchFrom(params); } --- 366,397 ---- Log.error(e.getMessage()); } String signingIdentity = DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params); if (signingIdentity != null) { + prepareEntitlements(params); signAppBundle(params, root, signingIdentity, ! BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), ! getConfig_Entitlements(params)); } restoreKeychainList(params); } } ! static File getConfig_Entitlements(Map<String, ? super Object> params) { ! return new File(CONFIG_ROOT.fetchFrom(params), ! getLauncherName(params) + ".entitlements"); ! } ! ! static void prepareEntitlements(Map<String, ? super Object> params) ! throws IOException { ! createResource("default.entitlements", params) ! .setCategory(I18N.getString("resource.entitlements")) ! .saveToFile(getConfig_Entitlements(params)); ! } ! ! private static String getLauncherName(Map<String, ? super Object> params) { if (APP_NAME.fetchFrom(params) != null) { return APP_NAME.fetchFrom(params); } else { return MAIN_CLASS.fetchFrom(params); }
*** 733,752 **** ProcessBuilder pb = new ProcessBuilder(args); IOUtils.exec(pb); } ! public static void signAppBundle( Map<String, ? super Object> params, Path appLocation, ! String signingIdentity, String identifierPrefix, ! String entitlementsFile, String inheritedEntitlements) throws IOException { AtomicReference<IOException> toThrow = new AtomicReference<>(); String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params); String keyChain = SIGNING_KEYCHAIN.fetchFrom(params); ! // sign all dylibs and jars try (Stream<Path> stream = Files.walk(appLocation)) { stream.peek(path -> { // fix permissions try { Set<PosixFilePermission> pfp = Files.getPosixFilePermissions(path); --- 747,765 ---- ProcessBuilder pb = new ProcessBuilder(args); IOUtils.exec(pb); } ! static void signAppBundle( Map<String, ? super Object> params, Path appLocation, ! String signingIdentity, String identifierPrefix, File entitlements) throws IOException { AtomicReference<IOException> toThrow = new AtomicReference<>(); String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params); String keyChain = SIGNING_KEYCHAIN.fetchFrom(params); ! // sign all dylibs and executables try (Stream<Path> stream = Files.walk(appLocation)) { stream.peek(path -> { // fix permissions try { Set<PosixFilePermission> pfp = Files.getPosixFilePermissions(path);
*** 756,816 **** Files.setPosixFilePermissions(path, pfp); } } catch (IOException e) { Log.verbose(e); } ! }).filter(p -> Files.isRegularFile(p) ! && !(p.toString().contains("/Contents/MacOS/libjli.dylib") ! || p.toString().endsWith(appExecutable) || p.toString().contains("/Contents/runtime") ! || p.toString().contains("/Contents/Frameworks"))).forEach(p -> { ! //noinspection ThrowableResultOfMethodCallIgnored if (toThrow.get() != null) return; // If p is a symlink then skip the signing process. if (Files.isSymbolicLink(p)) { - if (VERBOSE.fetchFrom(params)) { Log.verbose(MessageFormat.format(I18N.getString( "message.ignoring.symlink"), p.toString())); ! } } else { - if (p.toString().endsWith(LIBRARY_NAME)) { - if (isFileSigned(p)) { - return; - } - } - List<String> args = new ArrayList<>(); args.addAll(Arrays.asList("codesign", ! "-s", signingIdentity, // sign with this key "--prefix", identifierPrefix, - // use the identifier as a prefix "-vvvv")); - if (entitlementsFile != null && - (p.toString().endsWith(".jar") - || p.toString().endsWith(".dylib"))) { - args.add("--entitlements"); - args.add(entitlementsFile); // entitlements - } else if (inheritedEntitlements != null && - Files.isExecutable(p)) { - args.add("--entitlements"); - args.add(inheritedEntitlements); - // inherited entitlements for executable processes - } if (keyChain != null && !keyChain.isEmpty()) { args.add("--keychain"); args.add(keyChain); } args.add(p.toString()); try { Set<PosixFilePermission> oldPermissions = Files.getPosixFilePermissions(p); File f = p.toFile(); f.setWritable(true, true); ProcessBuilder pb = new ProcessBuilder(args); IOUtils.exec(pb); Files.setPosixFilePermissions(p, oldPermissions); } catch (IOException ioe) { toThrow.set(ioe); --- 769,824 ---- Files.setPosixFilePermissions(path, pfp); } } catch (IOException e) { Log.verbose(e); } ! }).filter(p -> Files.isRegularFile(p) && ! (Files.isExecutable(p) || p.toString().endsWith(".dylib")) ! && !(p.toString().endsWith(appExecutable) || p.toString().contains("/Contents/runtime") ! || p.toString().contains("/Contents/Frameworks")) ! ).forEach(p -> { ! // noinspection ThrowableResultOfMethodCallIgnored if (toThrow.get() != null) return; // If p is a symlink then skip the signing process. if (Files.isSymbolicLink(p)) { Log.verbose(MessageFormat.format(I18N.getString( "message.ignoring.symlink"), p.toString())); ! } else if (isFileSigned(p)) { ! // executable or lib already signed ! Log.verbose(MessageFormat.format(I18N.getString( ! "message.already.signed"), p.toString())); } else { List<String> args = new ArrayList<>(); args.addAll(Arrays.asList("codesign", ! "--timestamp", ! "--options", "runtime", ! "-s", signingIdentity, "--prefix", identifierPrefix, "-vvvv")); if (keyChain != null && !keyChain.isEmpty()) { args.add("--keychain"); args.add(keyChain); } args.add(p.toString()); + if (Files.isExecutable(p)) { + if (entitlements != null) { + args.add("--entitlements"); + args.add(entitlements.toString()); + } + } + try { Set<PosixFilePermission> oldPermissions = Files.getPosixFilePermissions(p); File f = p.toFile(); f.setWritable(true, true); ProcessBuilder pb = new ProcessBuilder(args); + Log.info(" codesign 1 - " + p.toString()); IOUtils.exec(pb); Files.setPosixFilePermissions(p, oldPermissions); } catch (IOException ioe) { toThrow.set(ioe);
*** 829,864 **** if (toThrow.get() != null) return; try { List<String> args = new ArrayList<>(); args.addAll(Arrays.asList("codesign", ! "-f", "-s", signingIdentity, // sign with this key "--prefix", identifierPrefix, // use the identifier as a prefix "-vvvv")); if (keyChain != null && !keyChain.isEmpty()) { args.add("--keychain"); args.add(keyChain); } args.add(path.toString()); ProcessBuilder pb = new ProcessBuilder(args); ! IOUtils.exec(pb); ! ! args = new ArrayList<>(); ! args.addAll(Arrays.asList("codesign", ! "-s", signingIdentity, // sign with this key ! "--prefix", identifierPrefix, ! // use the identifier as a prefix ! "-vvvv")); ! if (keyChain != null && !keyChain.isEmpty()) { ! args.add("--keychain"); ! args.add(keyChain); ! } ! args.add(path.toString() ! + "/Contents/_CodeSignature/CodeResources"); ! pb = new ProcessBuilder(args); IOUtils.exec(pb); } catch (IOException e) { toThrow.set(e); } }; --- 837,862 ---- if (toThrow.get() != null) return; try { List<String> args = new ArrayList<>(); args.addAll(Arrays.asList("codesign", ! "--timestamp", ! "--options", "runtime", ! "--deep", ! "--force", "-s", signingIdentity, // sign with this key "--prefix", identifierPrefix, // use the identifier as a prefix "-vvvv")); + if (keyChain != null && !keyChain.isEmpty()) { args.add("--keychain"); args.add(keyChain); } args.add(path.toString()); ProcessBuilder pb = new ProcessBuilder(args); ! Log.info(" codesign 2 - " + path.toString()); IOUtils.exec(pb); } catch (IOException e) { toThrow.set(e); } };
*** 884,907 **** } // sign the app itself List<String> args = new ArrayList<>(); args.addAll(Arrays.asList("codesign", ! "-s", signingIdentity, // sign with this key ! "-vvvv")); // super verbose output ! if (entitlementsFile != null) { ! args.add("--entitlements"); ! args.add(entitlementsFile); // entitlements ! } if (keyChain != null && !keyChain.isEmpty()) { args.add("--keychain"); args.add(keyChain); } args.add(appLocation.toString()); ProcessBuilder pb = new ProcessBuilder(args.toArray(new String[args.size()])); IOUtils.exec(pb); } private static boolean isFileSigned(Path file) { ProcessBuilder pb = --- 882,907 ---- } // sign the app itself List<String> args = new ArrayList<>(); args.addAll(Arrays.asList("codesign", ! "--timestamp", ! "--options", "runtime", ! "--deep", ! "--force", ! "-s", signingIdentity, ! "-vvvv")); if (keyChain != null && !keyChain.isEmpty()) { args.add("--keychain"); args.add(keyChain); } args.add(appLocation.toString()); ProcessBuilder pb = new ProcessBuilder(args.toArray(new String[args.size()])); + + Log.info(" codesign 3 - " + appLocation.toString()); IOUtils.exec(pb); } private static boolean isFileSigned(Path file) { ProcessBuilder pb =
< prev index next >