Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8311877

[macos] Add CLI options to provide signing identity directly to codesign and productbuild

    XMLWordPrintable

Details

    • b21

    Description

      My Apple developer certificate name has the form

      Apple Development: Alan Snyder (XX00X0XXX0)

      This name was created by Apple.

      When I try to use this certificate with jpackage, it is not used.

      For example:

      $ java --version
      openjdk 20.0.1 2023-04-18
      OpenJDK Runtime Environment (build 20.0.1+9-29)
      OpenJDK 64-Bit Server VM (build 20.0.1+9-29, mixed mode, sharing)
      $ jpackage --type app-image --main-jar ... --mac-signing-key-user-name "Alan Snyder" --input ...
      $ codesign -d -v *.app
      Executable=...
      Identifier=test
      Format=app bundle with Mach-O thin (arm64)
      CodeDirectory v=20400 size=1597 flags=0x2(adhoc) hashes=44+3 location=embedded
      Signature=adhoc
      Info.plist entries=16
      TeamIdentifier=not set
      Sealed Resources version=2 rules=13 files=304
      Internal requirements count=0 size=12

      I have no trouble using this certificate directly with codesign.
      I can simply provide the alphanumeric key as the identity.

      codesign has a simple and useful process for finding the actual certificate:

      The identity is first considered as the full name of a keychain identity preference. If such a preference exists, it directly names the identity used. Otherwise, the identity is located by searching all keychains for a certificate whose subject common name (only) contains the identity string given. If there are multiple matches, the operation fails and no signing is performed; however, an exact match is preferred over a partial match. These comparisons are case sensitive. Multiple instances of the exactly same certificate in multiple keychains are tolerated as harmless.

      I see no reason why jpackage should not simply pass the string I give it to codesign.

      Attachments

        Issue Links

          Activity

            People

              almatvee Alexander Matveev
              alans Alan Snyder
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: