- Rework the SigningPackageTwoStepTest test to cover the case of bundling an unsigned predefined app image into a signed .pkg installer; make it verify expected warnings in the jpackage output.
- All jpackage tests will verify that without "--mac-sign" option, jpackage produces app images with a valid "adhoc" signature. Additionally: - Fix jpackage to make it emit messages expected in the updated SigningPackageTwoStepTest test. - Add helper code for signing testing. - Automatically unlock jpackage test keychains in all signing tests. - Add a workaround for the `/usr/bin/codesign—-verify` command, which sometimes fails if executed without `sudo`. ------------- Commit messages: - MacSignVerify: add a comment - Add javadoc - MacPackageBuilder, MacPkgPackageBuilder: move warning logging from MacBaseInstallerBundler - Update copyright year - Better keychain configuration in the signing tests; Unlock test keychains in signing tests; MacSignTest: better test coverage; MacSign: make MacSign.ResolvedKeychain more usable; JPackageCommand, MacHelper: add sign helpers and verify signature of jpackage output if it is unsigned; MacSignVerify: add functions to verify signed output of JPackageCommand instances; Rework SigningPackageTwoStepTest for better coverage. Add a workaround for `/usr/bin/codesign --verify` command that sometimes fails if executed without `sudo`. Changes: https://git.openjdk.org/jdk/pull/27875/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27875&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8370126 Stats: 816 lines in 15 files changed: 549 ins; 139 del; 128 mod Patch: https://git.openjdk.org/jdk/pull/27875.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/27875/head:pull/27875 PR: https://git.openjdk.org/jdk/pull/27875
