In the log for most SA tests on macos-aarch64-debug, you will see something like:
STDOUT: Executable=/System/Volumes/Data/mesos/work_dir/jib-master/install/2022-12-07-2219530.chris.plummer.jdk/macosx-aarch64-debug.jdk/jdk-20/fastdebug/bin/java ... STDOUT: CodeDirectory v=20400 size=758 flags=0x2(adhoc) hashes=13+7 location=embedded STDOUT: Signature=adhoc ... Could not confirm if TargetJDK is hardened. Assuming not hardened. The message at the end shouldn't be happening. The problem is in `Platform.isHardenedOSX()`, which is searching for "flags=0x20002(adhoc,linker-signed)", but instead we are seeing "flags=0x2(adhoc)". This is due to [JDK-8293550](https://bugs.openjdk.org/browse/JDK-8293550), which is now explicitly adding adhoc signing. Previously we just allowed the linker to just do the default adhoc signing, which is why you would also see the "linker-signed" flag. Since we explicitly do adhoc signing now, "linker-signed" is missing. The fix is to just allow either form. Since it is possible to build without the explicit adhoc signing, we still need to support the old form that includes "linker-signed". There seems to be no adverse affects from this bug, other than seeing the above message, since the conclusion that the JDK is not hardened is the correct one. ------------- Commit messages: - Allow adhoc signing that is not linker signed. Changes: https://git.openjdk.org/jdk/pull/11619/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=11619&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8298343 Stats: 4 lines in 1 file changed: 4 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/11619.diff Fetch: git fetch https://git.openjdk.org/jdk pull/11619/head:pull/11619 PR: https://git.openjdk.org/jdk/pull/11619
