< prev index next >

src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java

Print this page

        

@@ -777,13 +777,11 @@
         AtomicReference<IOException> toThrow = new AtomicReference<>();
         String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
         String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
 
         // sign all dylibs and jars
-        Files.walk(appLocation)
-                // fix permissions
-                .peek(path -> {
+        Files.walk(appLocation).peek(path -> { // fix permissions
                     try {
                         Set<PosixFilePermission> pfp =
                             Files.getPosixFilePermissions(path);
                         if (!pfp.contains(PosixFilePermission.OWNER_WRITE)) {
                             pfp = EnumSet.copyOf(pfp);

@@ -791,26 +789,31 @@
                             Files.setPosixFilePermissions(path, pfp);
                         }
                     } catch (IOException e) {
                         Log.verbose(e);
                     }
-                })
-                .filter(p -> Files.isRegularFile(p) &&
-                        !(p.toString().contains("/Contents/MacOS/libjli.dylib")
-                        || p.toString().endsWith(appExecutable))
-                ).forEach(p -> {
+                }).filter(p -> Files.isRegularFile(p)
+                          && !(p.toString().contains("/Contents/MacOS/libjli.dylib")
+                          || p.toString().endsWith(appExecutable)
+                          || p.toString().contains("/Contents/runtime")
+                          || p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
             //noinspection ThrowableResultOfMethodCallIgnored
             if (toThrow.get() != null) return;
 
             // If p is a symlink then skip the signing process.
             if (Files.isSymbolicLink(p)) {
                 if (VERBOSE.fetchFrom(params)) {
                     Log.verbose(MessageFormat.format(I18N.getString(
                             "message.ignoring.symlink"), p.toString()));
                 }
+                    } else {
+                        if (p.toString().endsWith(LIBRARY_NAME)) {
+                            if (isFileSigned(p)) {
+                                return;
             }
-            else {
+                        }
+
                 List<String> args = new ArrayList<>();
                 args.addAll(Arrays.asList("codesign",
                         "-s", signingIdentity, // sign with this key
                         "--prefix", identifierPrefix,
                                 // use the identifier as a prefix

@@ -930,6 +933,24 @@
         ProcessBuilder pb =
                 new ProcessBuilder(args.toArray(new String[args.size()]));
         IOUtils.exec(pb);
     }
 
+    private static boolean isFileSigned(Path file) {
+        List<String> args = new ArrayList<>();
+        args.addAll(Arrays.asList("codesign",
+                "--verify",
+                file.toString()));
+
+        ProcessBuilder pb
+                = new ProcessBuilder(args.toArray(new String[args.size()]));
+
+        try {
+            IOUtils.exec(pb);
+        } catch (IOException ex) {
+            return false;
+        }
+
+        return true;
+    }
+
 }
< prev index next >