jpackage should exit with an error if it finds multiple matching signing certificates

XMLWordPrintable

    • Type: CSR
    • Resolution: Approved
    • Priority: P4
    • 26
    • Component/s: tools
    • None
    • behavioral
    • low
    • Hide
      Build configurations that rely on jpackage selecting the first matching signing identity out of many will stop working. This is intended. It is fragile to rely on the order in which signing identities are stored in a keychain. They will need to adjust the jpackage command line to more precisely specify which signing identity to use, or split signing identities between multiple keychains.
      Show
      Build configurations that rely on jpackage selecting the first matching signing identity out of many will stop working. This is intended. It is fragile to rely on the order in which signing identities are stored in a keychain. They will need to adjust the jpackage command line to more precisely specify which signing identity to use, or split signing identities between multiple keychains.
    • Other
    • JDK

      Summary

      jpackage should exit with an error if it can't unambiguously resolve the signing identity when signing an application on macOS.

      Problem

      Currently, if jpackage determines that multiple signing identities match the signing identity pattern, it selects the first one and writes a warning. jpackage is usually used as a component of a build pipeline. Developers typically ignore build warnings unless the build fails. This may result in applications being signed by an unexpected signing identity without being noticed.

      Solution

      If jpackage determines that multiple signing identities match the signing identity pattern, it should exit with an error rather than continue using the first matching signing identity.

      Specification

      If jpackage determines that multiple signing identities match the signing identity pattern, it will exit with an error rather than write a warning and select the first matching signing identity.

            Assignee:
            Alexey Semenyuk
            Reporter:
            Alexey Semenyuk
            Alexander Matveev, Kevin Rushforth
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: