On Wed, 29 Jun 2022 03:03:15 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
> Fixed 3 issues which made signature invalid: > - We should not remove .jpackage.xml from signed app image when creating DMG > or PKG otherwise it invalidates signature. > - .package should be created when app image is generated, so this file can be > signed. > - Copying predefine app image for DMG and PKG should not follow symbolic > links, otherwise several files from runtime (COPYRIGHT and LICENSE) will be > copied instead of symbolic links being created, since it invalidates > signature as well. > > Added additional test to validate signature when DMG or PKG is generated from > predefined app image. src/jdk.jpackage/share/classes/jdk/jpackage/internal/AbstractAppImageBuilder.java line 83: > 81: if (Platform.isMac()) { > 82: new PackageFile(APP_NAME.fetchFrom(params)).save( > 83: ApplicationLayout.macAppImage().resolveAt(root)); If `.package` file is created in every app image, then this will result in app launchers of not installed apps attempting to read .cfg files from user home directory. The bigger issue on mac is that we can't modify app images after they are signed. We need a generic solution to the problem. ------------- PR: https://git.openjdk.org/jdk19/pull/89