jpackage positive signing tests have coverage gaps:
None covers the case when the value of the "--mac-signing-key-user-name" option is a full signing key name, e.g.: --mac-signing-key-user-name 'Developer ID Application: foo'. They only cover <--mac-signing-key-user-name 'foo'> and <--mac-app-image-sign-identity 'Developer ID Application: foo'> cases.
# SigningAppImageTwoStepsTest, SigningRuntimeImagePackageTest:
Doesn't cover the case when the input app image/runtime bundle is signed with one signing key and the final jpackage command uses a different signing key. The test should verify that jpackage replaces the signature of the signed input app image/runtime bundle.
# SigningPackageTest, SigningPackageTwoStepTest, SigningRuntimeImagePackageTest:
Doesn't cover the case when the "--mac-installer-sign-identity" option is set, and the "--mac-app-image-sign-identity" option is not for PKG packaging.
The behavior of this use case is undefined, but it should probably produce a valid signed .pkg installer with the unsigned internal app image and issue the "warning.unsigned.app.image" warning.
# SigningRuntimeImagePackageTest:
Doesn't cover the case where the input runtime bundle is signed, and the final jpackage command doesn't contain the "--mac-sign" option.
Two test cases [1] and [2] don't include signing. They don't belong to this test, and duplicate test cases in the RuntimePackageTest test [3].
On top of the coverage gaps, the tests are implemented in a way that makes adding new test cases difficult. E.g., adding coverage for JDK-8371438 fix looks tricky.
[1] https://github.com/openjdk/jdk/blob/5da70b180461d46b1aa44f24ba3c05efdeb03f49/test/jdk/tools/jpackage/macosx/SigningRuntimeImagePackageTest.java#L108
[2] https://github.com/openjdk/jdk/blob/5da70b180461d46b1aa44f24ba3c05efdeb03f49/test/jdk/tools/jpackage/macosx/SigningRuntimeImagePackageTest.java#L116
[3] https://github.com/openjdk/jdk/blob/5da70b180461d46b1aa44f24ba3c05efdeb03f49/test/jdk/tools/jpackage/share/RuntimePackageTest.java#L80
None covers the case when the value of the "--mac-signing-key-user-name" option is a full signing key name, e.g.: --mac-signing-key-user-name 'Developer ID Application: foo'. They only cover <--mac-signing-key-user-name 'foo'> and <--mac-app-image-sign-identity 'Developer ID Application: foo'> cases.
# SigningAppImageTwoStepsTest, SigningRuntimeImagePackageTest:
Doesn't cover the case when the input app image/runtime bundle is signed with one signing key and the final jpackage command uses a different signing key. The test should verify that jpackage replaces the signature of the signed input app image/runtime bundle.
# SigningPackageTest, SigningPackageTwoStepTest, SigningRuntimeImagePackageTest:
Doesn't cover the case when the "--mac-installer-sign-identity" option is set, and the "--mac-app-image-sign-identity" option is not for PKG packaging.
The behavior of this use case is undefined, but it should probably produce a valid signed .pkg installer with the unsigned internal app image and issue the "warning.unsigned.app.image" warning.
# SigningRuntimeImagePackageTest:
Doesn't cover the case where the input runtime bundle is signed, and the final jpackage command doesn't contain the "--mac-sign" option.
Two test cases [1] and [2] don't include signing. They don't belong to this test, and duplicate test cases in the RuntimePackageTest test [3].
On top of the coverage gaps, the tests are implemented in a way that makes adding new test cases difficult. E.g., adding coverage for JDK-8371438 fix looks tricky.
[1] https://github.com/openjdk/jdk/blob/5da70b180461d46b1aa44f24ba3c05efdeb03f49/test/jdk/tools/jpackage/macosx/SigningRuntimeImagePackageTest.java#L108
[2] https://github.com/openjdk/jdk/blob/5da70b180461d46b1aa44f24ba3c05efdeb03f49/test/jdk/tools/jpackage/macosx/SigningRuntimeImagePackageTest.java#L116
[3] https://github.com/openjdk/jdk/blob/5da70b180461d46b1aa44f24ba3c05efdeb03f49/test/jdk/tools/jpackage/share/RuntimePackageTest.java#L80
- blocks
-
JDK-8371438 jpackage should handle the case when "--mac-sign" is specified without signing identity options
-
- In Progress
-
- links to
-
Commit(master)
openjdk/jdk/9b47c23b
-
Review(master)
openjdk/jdk/29205