Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8298343

"Could not confirm if TargetJDK is hardened." warning for SA tests on macosx-aarch64-debug

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P5 P5
    • 21
    • 20
    • hotspot
    • b02
    • aarch64
    • os_x

      In the log for most SA tests on macos-aarch64-debug, you will see something like:

      STDOUT: Executable=/System/Volumes/Data/mesos/work_dir/jib-master/install/2022-12-07-2219530.chris.plummer.jdk/macosx-aarch64-debug.jdk/jdk-20/fastdebug/bin/java
      ...
      STDOUT: CodeDirectory v=20400 size=758 flags=0x2(adhoc) hashes=13+7 location=embedded
      STDOUT: Signature=adhoc
      ...
      Could not confirm if TargetJDK is hardened. Assuming not hardened.

      The message at the end shouldn't be happening. The problem is in Platform.isHardenedOSX(), which is searching for "flags=0x20002(adhoc,linker-signed)", but instead we are seeing "flags=0x2(adhoc)". This is due to JDK-8293550, which is now explicitly adding adhoc signing. Previously we just allowed the linker to just do the default adhoc signing, which is why you would also see the "linker-signed" flag. Since we explicitly do adhoc signing now, "linker-signed" is missing.

      The fix is to just allow either form. Since it is possible to build without the explicitly adhoc signing, we still need to support the old form that includes "linker-signed".

      There seems to be no adverse affects from this bug, since the conclusion that the JDK is not hardened is the correct one.

            cjplummer Chris Plummer
            cjplummer Chris Plummer
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: