On Fri, 6 Oct 2023 22:15:00 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
> - Added `--mac-app-image-sign-identity` and `--mac-installer-sign-identity` > CLI options to jpackage to provide signing identity directly to `codesign` > and `productbuild` tools as per CSR > [JDK-8316631](https://bugs.openjdk.org/browse/JDK-8316631). > - If `codesign` or `productbuild` fails, then output of these tools will be > printed to stdout to help user diagnose issues with signing using new > options. Examples with sign identity set to "test" which does not exist on > system: >> Error: "codesign" failed with following output: >> test: no identity found > >> Error: "productbuild" failed with following output: >> productbuild: error: Cannot write product to "/Users/SOMEDIR/Test-1.0.pkg". >> (Could not find appropriate signing identity for “test”.) > - Added error handling not to allow invalid combinations of signing options. > - Updated signing tests to test new changes. If I get it right from the code, if `--mac-app-image-sign-identity` or `--mac-installer-sign-identity` option is specified and `--mac-sign` is NOT, it is an error. What is the point in `--mac-sign` then? It looks redundant. If we still want `--mac-sign` to have any meaning when `--mac-app-image-sign-identity` and `--mac-installer-sign-identity` are used let's make jpackage silently ignore any signing options if `--mac-sign` is not specified. E.g.: `jpackage --mac-app-image-sign-identity foo` - no error and no signing `jpackage --mac-app-image-sign-identity foo --mac-sign` - no error, run signing ------------- PR Comment: https://git.openjdk.org/jdk/pull/16085#issuecomment-1766410728
