< prev index next >
src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java
Print this page
*** 777,789 ****
AtomicReference<IOException> toThrow = new AtomicReference<>();
String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
// sign all dylibs and jars
! Files.walk(appLocation)
! // fix permissions
! .peek(path -> {
try {
Set<PosixFilePermission> pfp =
Files.getPosixFilePermissions(path);
if (!pfp.contains(PosixFilePermission.OWNER_WRITE)) {
pfp = EnumSet.copyOf(pfp);
--- 777,787 ----
AtomicReference<IOException> toThrow = new AtomicReference<>();
String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
// sign all dylibs and jars
! Files.walk(appLocation).peek(path -> { // fix permissions
try {
Set<PosixFilePermission> pfp =
Files.getPosixFilePermissions(path);
if (!pfp.contains(PosixFilePermission.OWNER_WRITE)) {
pfp = EnumSet.copyOf(pfp);
*** 791,816 ****
Files.setPosixFilePermissions(path, pfp);
}
} catch (IOException e) {
Log.verbose(e);
}
! })
! .filter(p -> Files.isRegularFile(p) &&
! !(p.toString().contains("/Contents/MacOS/libjli.dylib")
! || p.toString().endsWith(appExecutable))
! ).forEach(p -> {
//noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
if (VERBOSE.fetchFrom(params)) {
Log.verbose(MessageFormat.format(I18N.getString(
"message.ignoring.symlink"), p.toString()));
}
}
! else {
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
--- 789,819 ----
Files.setPosixFilePermissions(path, pfp);
}
} catch (IOException e) {
Log.verbose(e);
}
! }).filter(p -> Files.isRegularFile(p)
! && !(p.toString().contains("/Contents/MacOS/libjli.dylib")
! || p.toString().endsWith(appExecutable)
! || p.toString().contains("/Contents/runtime")
! || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
//noinspection ThrowableResultOfMethodCallIgnored
if (toThrow.get() != null) return;
// If p is a symlink then skip the signing process.
if (Files.isSymbolicLink(p)) {
if (VERBOSE.fetchFrom(params)) {
Log.verbose(MessageFormat.format(I18N.getString(
"message.ignoring.symlink"), p.toString()));
}
+ } else {
+ if (p.toString().endsWith(LIBRARY_NAME)) {
+ if (isFileSigned(p)) {
+ return;
}
! }
!
List<String> args = new ArrayList<>();
args.addAll(Arrays.asList("codesign",
"-s", signingIdentity, // sign with this key
"--prefix", identifierPrefix,
// use the identifier as a prefix
*** 930,935 ****
--- 933,956 ----
ProcessBuilder pb =
new ProcessBuilder(args.toArray(new String[args.size()]));
IOUtils.exec(pb);
}
+ private static boolean isFileSigned(Path file) {
+ List<String> args = new ArrayList<>();
+ args.addAll(Arrays.asList("codesign",
+ "--verify",
+ file.toString()));
+
+ ProcessBuilder pb
+ = new ProcessBuilder(args.toArray(new String[args.size()]));
+
+ try {
+ IOUtils.exec(pb);
+ } catch (IOException ex) {
+ return false;
+ }
+
+ return true;
+ }
+
}
< prev index next >