On Wed, 29 Jun 2022 03:03:15 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
> Fixed 3 issues which made signature invalid: > - We should not remove .jpackage.xml from signed app image when creating DMG > or PKG otherwise it invalidates signature. > - .package should be created when app image is generated, so this file can be > signed. > - Copying predefine app image for DMG and PKG should not follow symbolic > links, otherwise several files from runtime (COPYRIGHT and LICENSE) will be > copied instead of symbolic links being created, since it invalidates > signature as well. > > Added additional test to validate signature when DMG or PKG is generated from > predefined app image. I think we can do the following for the signed image: don't add the `.package` file. Instead, write a warning saying that because the app image is signed, support for per-user configuration of the installed app will not be working. (https://bugs.openjdk.org/browse/JDK-8287060 refers to per-use configuration) ------------- PR: https://git.openjdk.org/jdk19/pull/89
