If jpackage finds multiple certificates matching the name specified in the "--mac-signing-key-user-name" option, it will issue a warning and keep going:
---
WARNING: Multiple certificates found matching [Developer ID Application: jpackage.openjdk.java.net] using keychain [jpackagerTest-duplicate.keychain], using first one
---
We'd rather change this behavior so it exits with an error, since choosing the first certificate is equivalent to selecting any certificate, and this level of precision is not acceptable for the signing operation.
This also applies to the "--mac-app-image-sign-identity" and "--mac-installer-sign-identity" options. Even though they specify the exact name of the certificate, if multiple certificates with the same name exist in a keychain, jpackage should not pick any of them; it should exit with an error.
---
WARNING: Multiple certificates found matching [Developer ID Application: jpackage.openjdk.java.net] using keychain [jpackagerTest-duplicate.keychain], using first one
---
We'd rather change this behavior so it exits with an error, since choosing the first certificate is equivalent to selecting any certificate, and this level of precision is not acceptable for the signing operation.
This also applies to the "--mac-app-image-sign-identity" and "--mac-installer-sign-identity" options. Even though they specify the exact name of the certificate, if multiple certificates with the same name exist in a keychain, jpackage should not pick any of them; it should exit with an error.
- csr for
-
JDK-8371930 jpackage should exit with an error if it finds multiple matching signing certificates
-
- Finalized
-