On Fri, 20 Oct 2023 04:23:22 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
>> - Added `--mac-app-image-sign-identity` and `--mac-installer-sign-identity` >> CLI options to jpackage to provide signing identity directly to `codesign` >> and `productbuild` tools as per CSR >> [JDK-8316631](https://bugs.openjdk.org/browse/JDK-8316631). >> - If `codesign` or `productbuild` fails, then output of these tools will be >> printed to stdout to help user diagnose issues with signing using new >> options. Examples with sign identity set to "test" which does not exist on >> system: >>> Error: "codesign" failed with following output: >>> test: no identity found >> >>> Error: "productbuild" failed with following output: >>> productbuild: error: Cannot write product to "/Users/SOMEDIR/Test-1.0.pkg". >>> (Could not find appropriate signing identity for “test”.) >> - Added error handling not to allow invalid combinations of signing options. >> - Updated signing tests to test new changes. > > Alexander Matveev has updated the pull request incrementally with one > additional commit since the last revision: > > 8311877: [macos] Add CLI options to provide signing identity directly to > codesign and productbuild [v2] Yes, you got it right. I agree it does not make sense to consider error if `--mac-sign` is not specified. I fixed it as you suggested. `--mac-app-image-sign-identity` will be ignored and no signing is done if `--mac-sign` is not specified. Also, updated `SigningPackageTest.java` to include tests for cases when only app-image is being signed or when only pkg is being signed using sign identity options. ------------- PR Comment: https://git.openjdk.org/jdk/pull/16085#issuecomment-1772057635
