< prev index next >
modules/fxpackager/src/main/java/com/oracle/tools/packager/mac/MacBaseInstallerBundler.java
Print this page
rev 9619 : imported patch 9-jake-fxpackager.patch
*** 213,369 ****
protected File prepareDaemonBundle(Map<String, ? super Object> p) {
File daemonImageRoot = DAEMON_IMAGE_BUILD_ROOT.fetchFrom(p);
return DAEMON_BUNDLER.fetchFrom(p).doBundle(p, daemonImageRoot, true);
}
! public static void signAppBundle(Map<String, ? super Object> params, File appLocation, String signingIdentity, String identifierPrefix) throws IOException {
! signAppBundle(params, appLocation, signingIdentity, identifierPrefix, null, null);
! }
!
! public static void signAppBundle(Map<String, ? super Object> params, File appLocation, String signingIdentity, String identifierPrefix, String entitlementsFile, String inheritedEntitlements) throws IOException {
! AtomicReference<IOException> toThrow = new AtomicReference<>();
! String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
! String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
!
! // sign all dylibs and jars
! Files.walk(appLocation.toPath())
! // while we are searching let's fix permissions
! .peek(path -> {
! try {
! Set<PosixFilePermission> pfp = Files.getPosixFilePermissions(path);
! if (!pfp.contains(PosixFilePermission.OWNER_WRITE)) {
! pfp = EnumSet.copyOf(pfp);
! pfp.add(PosixFilePermission.OWNER_WRITE);
! Files.setPosixFilePermissions(path, pfp);
! }
! } catch (IOException e) {
! Log.debug(e);
! }
! })
! .filter(p -> Files.isRegularFile(p) &&
! !(p.toString().contains("/Contents/MacOS/libjli.dylib")
! || p.toString().contains("/Contents/MacOS/JavaAppletPlugin")
! || p.toString().endsWith(appExecutable))
! ).forEach(p -> {
! //noinspection ThrowableResultOfMethodCallIgnored
! if (toThrow.get() != null) return;
!
! List<String> args = new ArrayList<>();
! args.addAll(Arrays.asList("codesign",
! "-s", signingIdentity, // sign with this key
! "--prefix", identifierPrefix, // use the identifier as a prefix
! "-vvvv"));
! if (entitlementsFile != null &&
! (p.toString().endsWith(".jar")
! || p.toString().endsWith(".dylib")))
! {
! args.add("--entitlements");
! args.add(entitlementsFile); // entitlements
! } else if (inheritedEntitlements != null && Files.isExecutable(p)) {
! args.add("--entitlements");
! args.add(inheritedEntitlements); // inherited entitlements for executable processes
! }
! if (keyChain != null && !keyChain.isEmpty()) {
! args.add("--keychain");
! args.add(keyChain);
! }
! args.add(p.toString());
- try {
- Set<PosixFilePermission> oldPermissions = Files.getPosixFilePermissions(p);
- File f = p.toFile();
- f.setWritable(true, true);
-
- ProcessBuilder pb = new ProcessBuilder(args);
- IOUtils.exec(pb, VERBOSE.fetchFrom(params));
-
- Files.setPosixFilePermissions(p, oldPermissions);
- } catch (IOException ioe) {
- toThrow.set(ioe);
- }
- });
-
- IOException ioe = toThrow.get();
- if (ioe != null) {
- throw ioe;
- }
-
- // sign all plugins and frameworks
- Consumer<? super Path> signIdentifiedByPList = path -> {
- //noinspection ThrowableResultOfMethodCallIgnored
- if (toThrow.get() != null) return;
-
- try {
- List<String> args = new ArrayList<>();
- args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "--prefix", identifierPrefix, // use the identifier as a prefix
- "-vvvv"));
- if (keyChain != null && !keyChain.isEmpty()) {
- args.add("--keychain");
- args.add(keyChain);
- }
- args.add(path.toString());
- ProcessBuilder pb = new ProcessBuilder(args);
- IOUtils.exec(pb, VERBOSE.fetchFrom(params));
-
- args = new ArrayList<>();
- args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "--prefix", identifierPrefix, // use the identifier as a prefix
- "-vvvv"));
- if (keyChain != null && !keyChain.isEmpty()) {
- args.add("--keychain");
- args.add(keyChain);
- }
- args.add(path.toString() + "/Contents/_CodeSignature/CodeResources");
- pb = new ProcessBuilder(args);
- IOUtils.exec(pb, VERBOSE.fetchFrom(params));
- } catch (IOException e) {
- toThrow.set(e);
- }
- };
-
- Path pluginsPath = appLocation.toPath().resolve("Contents/PlugIns");
- if (Files.isDirectory(pluginsPath)) {
- Files.list(pluginsPath)
- .forEach(signIdentifiedByPList);
-
- ioe = toThrow.get();
- if (ioe != null) {
- throw ioe;
- }
- }
- Path frameworkPath = appLocation.toPath().resolve("Contents/Frameworks");
- if (Files.isDirectory(frameworkPath)) {
- Files.list(frameworkPath)
- .forEach(signIdentifiedByPList);
-
- ioe = toThrow.get();
- if (ioe != null) {
- throw ioe;
- }
- }
-
- // sign the app itself
- List<String> args = new ArrayList<>();
- args.addAll(Arrays.asList("codesign",
- "-s", signingIdentity, // sign with this key
- "-vvvv")); // super verbose output
- if (entitlementsFile != null) {
- args.add("--entitlements");
- args.add(entitlementsFile); // entitlements
- }
- if (keyChain != null && !keyChain.isEmpty()) {
- args.add("--keychain");
- args.add(keyChain);
- }
- args.add(appLocation.toString());
-
- ProcessBuilder pb = new ProcessBuilder(args.toArray(new String[args.size()]));
- IOUtils.exec(pb, VERBOSE.fetchFrom(params));
- }
@Override
public Collection<BundlerParamInfo<?>> getBundleParameters() {
Collection<BundlerParamInfo<?>> results = new LinkedHashSet<>();
--- 213,227 ----
protected File prepareDaemonBundle(Map<String, ? super Object> p) {
File daemonImageRoot = DAEMON_IMAGE_BUILD_ROOT.fetchFrom(p);
return DAEMON_BUNDLER.fetchFrom(p).doBundle(p, daemonImageRoot, true);
}
! // public static void signAppBundle(Map<String, ? super Object> params, File appLocation, String signingIdentity, String identifierPrefix) throws IOException {
! // signAppBundle(params, appLocation, signingIdentity, identifierPrefix, null, null);
! // }
! //
@Override
public Collection<BundlerParamInfo<?>> getBundleParameters() {
Collection<BundlerParamInfo<?>> results = new LinkedHashSet<>();
< prev index next >