On Wed, 29 Jun 2022 03:03:15 GMT, Alexander Matveev <almat...@openjdk.org> 
wrote:

> Fixed 3 issues which made signature invalid:
> - We should not remove .jpackage.xml from signed app image when creating DMG 
> or PKG otherwise it invalidates signature.
> - .package should be created when app image is generated, so this file can be 
> signed.
> - Copying predefine app image for DMG and PKG should not follow symbolic 
> links, otherwise several files from runtime (COPYRIGHT and LICENSE) will be 
> copied instead of symbolic links being created, since it invalidates 
> signature as well.
> 
> Added additional test to validate signature when DMG or PKG is generated from 
> predefined app image.

I think we can do the following for the signed image: don't add the `.package` 
file. Instead, write a warning saying that because the app image is signed, 
support for per-user configuration of the installed app will not be working. 
(https://bugs.openjdk.org/browse/JDK-8287060 refers to per-use configuration)

-------------

PR: https://git.openjdk.org/jdk19/pull/89

Reply via email to