mirror of
https://github.com/openjdk/jdk.git
synced 2026-02-26 18:20:28 +00:00
8237490: [macos] Add support notarizing jpackage app-image and dmg
Reviewed-by: asemenyuk, almatvee
This commit is contained in:
Andy Herrick
parent
50ed53076f
commit
1cca0e48e0
@ -368,14 +368,28 @@ public class MacAppImageBuilder extends AbstractAppImageBuilder {
|
||||
String signingIdentity =
|
||||
DEVELOPER_ID_APP_SIGNING_KEY.fetchFrom(params);
|
||||
if (signingIdentity != null) {
|
||||
prepareEntitlements(params);
|
||||
signAppBundle(params, root, signingIdentity,
|
||||
BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params), null, null);
|
||||
BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params),
|
||||
getConfig_Entitlements(params));
|
||||
}
|
||||
restoreKeychainList(params);
|
||||
}
|
||||
}
|
||||
|
||||
private String getLauncherName(Map<String, ? super Object> params) {
|
||||
static File getConfig_Entitlements(Map<String, ? super Object> params) {
|
||||
return new File(CONFIG_ROOT.fetchFrom(params),
|
||||
getLauncherName(params) + ".entitlements");
|
||||
}
|
||||
|
||||
static void prepareEntitlements(Map<String, ? super Object> params)
|
||||
throws IOException {
|
||||
createResource("entitlements.plist", params)
|
||||
.setCategory(I18N.getString("resource.entitlements"))
|
||||
.saveToFile(getConfig_Entitlements(params));
|
||||
}
|
||||
|
||||
private static String getLauncherName(Map<String, ? super Object> params) {
|
||||
if (APP_NAME.fetchFrom(params) != null) {
|
||||
return APP_NAME.fetchFrom(params);
|
||||
} else {
|
||||
@ -735,16 +749,15 @@ public class MacAppImageBuilder extends AbstractAppImageBuilder {
|
||||
IOUtils.exec(pb);
|
||||
}
|
||||
|
||||
public static void signAppBundle(
|
||||
static void signAppBundle(
|
||||
Map<String, ? super Object> params, Path appLocation,
|
||||
String signingIdentity, String identifierPrefix,
|
||||
String entitlementsFile, String inheritedEntitlements)
|
||||
String signingIdentity, String identifierPrefix, File entitlements)
|
||||
throws IOException {
|
||||
AtomicReference<IOException> toThrow = new AtomicReference<>();
|
||||
String appExecutable = "/Contents/MacOS/" + APP_NAME.fetchFrom(params);
|
||||
String keyChain = SIGNING_KEYCHAIN.fetchFrom(params);
|
||||
|
||||
// sign all dylibs and jars
|
||||
// sign all dylibs and executables
|
||||
try (Stream<Path> stream = Files.walk(appLocation)) {
|
||||
stream.peek(path -> { // fix permissions
|
||||
try {
|
||||
@ -758,48 +771,43 @@ public class MacAppImageBuilder extends AbstractAppImageBuilder {
|
||||
} catch (IOException e) {
|
||||
Log.verbose(e);
|
||||
}
|
||||
}).filter(p -> Files.isRegularFile(p)
|
||||
&& !(p.toString().contains("/Contents/MacOS/libjli.dylib")
|
||||
|| p.toString().endsWith(appExecutable)
|
||||
}).filter(p -> Files.isRegularFile(p) &&
|
||||
(Files.isExecutable(p) || p.toString().endsWith(".dylib"))
|
||||
&& !(p.toString().endsWith(appExecutable)
|
||||
|| p.toString().contains("/Contents/runtime")
|
||||
|| p.toString().contains("/Contents/Frameworks"))).forEach(p -> {
|
||||
//noinspection ThrowableResultOfMethodCallIgnored
|
||||
|| p.toString().contains("/Contents/Frameworks"))
|
||||
).forEach(p -> {
|
||||
// noinspection ThrowableResultOfMethodCallIgnored
|
||||
if (toThrow.get() != null) return;
|
||||
|
||||
// If p is a symlink then skip the signing process.
|
||||
if (Files.isSymbolicLink(p)) {
|
||||
if (VERBOSE.fetchFrom(params)) {
|
||||
Log.verbose(MessageFormat.format(I18N.getString(
|
||||
"message.ignoring.symlink"), p.toString()));
|
||||
}
|
||||
Log.verbose(MessageFormat.format(I18N.getString(
|
||||
"message.ignoring.symlink"), p.toString()));
|
||||
} else if (isFileSigned(p)) {
|
||||
// executable or lib already signed
|
||||
Log.verbose(MessageFormat.format(I18N.getString(
|
||||
"message.already.signed"), p.toString()));
|
||||
} else {
|
||||
if (p.toString().endsWith(LIBRARY_NAME)) {
|
||||
if (isFileSigned(p)) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
List<String> args = new ArrayList<>();
|
||||
args.addAll(Arrays.asList("codesign",
|
||||
"-s", signingIdentity, // sign with this key
|
||||
"--timestamp",
|
||||
"--options", "runtime",
|
||||
"-s", signingIdentity,
|
||||
"--prefix", identifierPrefix,
|
||||
// use the identifier as a prefix
|
||||
"-vvvv"));
|
||||
if (entitlementsFile != null &&
|
||||
(p.toString().endsWith(".jar")
|
||||
|| p.toString().endsWith(".dylib"))) {
|
||||
args.add("--entitlements");
|
||||
args.add(entitlementsFile); // entitlements
|
||||
} else if (inheritedEntitlements != null &&
|
||||
Files.isExecutable(p)) {
|
||||
args.add("--entitlements");
|
||||
args.add(inheritedEntitlements);
|
||||
// inherited entitlements for executable processes
|
||||
}
|
||||
if (keyChain != null && !keyChain.isEmpty()) {
|
||||
args.add("--keychain");
|
||||
args.add(keyChain);
|
||||
}
|
||||
|
||||
if (Files.isExecutable(p)) {
|
||||
if (entitlements != null) {
|
||||
args.add("--entitlements");
|
||||
args.add(entitlements.toString());
|
||||
}
|
||||
}
|
||||
|
||||
args.add(p.toString());
|
||||
|
||||
try {
|
||||
@ -809,6 +817,7 @@ public class MacAppImageBuilder extends AbstractAppImageBuilder {
|
||||
f.setWritable(true, true);
|
||||
|
||||
ProcessBuilder pb = new ProcessBuilder(args);
|
||||
|
||||
IOUtils.exec(pb);
|
||||
|
||||
Files.setPosixFilePermissions(p, oldPermissions);
|
||||
@ -831,32 +840,22 @@ public class MacAppImageBuilder extends AbstractAppImageBuilder {
|
||||
try {
|
||||
List<String> args = new ArrayList<>();
|
||||
args.addAll(Arrays.asList("codesign",
|
||||
"-f",
|
||||
"--timestamp",
|
||||
"--options", "runtime",
|
||||
"--deep",
|
||||
"--force",
|
||||
"-s", signingIdentity, // sign with this key
|
||||
"--prefix", identifierPrefix,
|
||||
// use the identifier as a prefix
|
||||
"-vvvv"));
|
||||
|
||||
if (keyChain != null && !keyChain.isEmpty()) {
|
||||
args.add("--keychain");
|
||||
args.add(keyChain);
|
||||
}
|
||||
args.add(path.toString());
|
||||
ProcessBuilder pb = new ProcessBuilder(args);
|
||||
IOUtils.exec(pb);
|
||||
|
||||
args = new ArrayList<>();
|
||||
args.addAll(Arrays.asList("codesign",
|
||||
"-s", signingIdentity, // sign with this key
|
||||
"--prefix", identifierPrefix,
|
||||
// use the identifier as a prefix
|
||||
"-vvvv"));
|
||||
if (keyChain != null && !keyChain.isEmpty()) {
|
||||
args.add("--keychain");
|
||||
args.add(keyChain);
|
||||
}
|
||||
args.add(path.toString()
|
||||
+ "/Contents/_CodeSignature/CodeResources");
|
||||
pb = new ProcessBuilder(args);
|
||||
IOUtils.exec(pb);
|
||||
} catch (IOException e) {
|
||||
toThrow.set(e);
|
||||
@ -886,20 +885,28 @@ public class MacAppImageBuilder extends AbstractAppImageBuilder {
|
||||
// sign the app itself
|
||||
List<String> args = new ArrayList<>();
|
||||
args.addAll(Arrays.asList("codesign",
|
||||
"-s", signingIdentity, // sign with this key
|
||||
"-vvvv")); // super verbose output
|
||||
if (entitlementsFile != null) {
|
||||
args.add("--entitlements");
|
||||
args.add(entitlementsFile); // entitlements
|
||||
}
|
||||
"--timestamp",
|
||||
"--options", "runtime",
|
||||
"--deep",
|
||||
"--force",
|
||||
"-s", signingIdentity,
|
||||
"-vvvv"));
|
||||
|
||||
if (keyChain != null && !keyChain.isEmpty()) {
|
||||
args.add("--keychain");
|
||||
args.add(keyChain);
|
||||
}
|
||||
|
||||
if (entitlements != null) {
|
||||
args.add("--entitlements");
|
||||
args.add(entitlements.toString());
|
||||
}
|
||||
|
||||
args.add(appLocation.toString());
|
||||
|
||||
ProcessBuilder pb =
|
||||
new ProcessBuilder(args.toArray(new String[args.size()]));
|
||||
|
||||
IOUtils.exec(pb);
|
||||
}
|
||||
|
||||
|
||||
@ -40,10 +40,6 @@ public class MacAppStoreBundler extends MacBaseInstallerBundler {
|
||||
"jdk.incubator.jpackage.internal.resources.MacResources");
|
||||
|
||||
private static final String TEMPLATE_BUNDLE_ICON_HIDPI = "java.icns";
|
||||
private final static String DEFAULT_ENTITLEMENTS =
|
||||
"MacAppStore.entitlements";
|
||||
private final static String DEFAULT_INHERIT_ENTITLEMENTS =
|
||||
"MacAppStore_Inherit.entitlements";
|
||||
|
||||
public static final BundlerParamInfo<String> MAC_APP_STORE_APP_SIGNING_KEY =
|
||||
new StandardBundlerParam<>(
|
||||
@ -94,13 +90,6 @@ public class MacAppStoreBundler extends MacBaseInstallerBundler {
|
||||
},
|
||||
(s, p) -> s);
|
||||
|
||||
public static final StandardBundlerParam<File> MAC_APP_STORE_ENTITLEMENTS =
|
||||
new StandardBundlerParam<>(
|
||||
Arguments.CLIOptions.MAC_APP_STORE_ENTITLEMENTS.getId(),
|
||||
File.class,
|
||||
params -> null,
|
||||
(s, p) -> new File(s));
|
||||
|
||||
public static final BundlerParamInfo<String> INSTALLER_SUFFIX =
|
||||
new StandardBundlerParam<> (
|
||||
"mac.app-store.installerName.suffix",
|
||||
@ -133,20 +122,15 @@ public class MacAppStoreBundler extends MacBaseInstallerBundler {
|
||||
params.put(DEVELOPER_ID_APP_SIGNING_KEY.getID(), null);
|
||||
File appLocation = prepareAppBundle(params);
|
||||
|
||||
prepareEntitlements(params);
|
||||
|
||||
String signingIdentity =
|
||||
MAC_APP_STORE_APP_SIGNING_KEY.fetchFrom(params);
|
||||
String identifierPrefix =
|
||||
BUNDLE_ID_SIGNING_PREFIX.fetchFrom(params);
|
||||
String entitlementsFile =
|
||||
getConfig_Entitlements(params).toString();
|
||||
String inheritEntitlements =
|
||||
getConfig_Inherit_Entitlements(params).toString();
|
||||
MacAppImageBuilder.prepareEntitlements(params);
|
||||
|
||||
MacAppImageBuilder.signAppBundle(params, appLocation.toPath(),
|
||||
signingIdentity, identifierPrefix,
|
||||
entitlementsFile, inheritEntitlements);
|
||||
MacAppImageBuilder.getConfig_Entitlements(params));
|
||||
MacAppImageBuilder.restoreKeychainList(params);
|
||||
|
||||
ProcessBuilder pb;
|
||||
@ -188,31 +172,6 @@ public class MacAppStoreBundler extends MacBaseInstallerBundler {
|
||||
}
|
||||
}
|
||||
|
||||
private File getConfig_Entitlements(Map<String, ? super Object> params) {
|
||||
return new File(CONFIG_ROOT.fetchFrom(params),
|
||||
APP_NAME.fetchFrom(params) + ".entitlements");
|
||||
}
|
||||
|
||||
private File getConfig_Inherit_Entitlements(
|
||||
Map<String, ? super Object> params) {
|
||||
return new File(CONFIG_ROOT.fetchFrom(params),
|
||||
APP_NAME.fetchFrom(params) + "_Inherit.entitlements");
|
||||
}
|
||||
|
||||
private void prepareEntitlements(Map<String, ? super Object> params)
|
||||
throws IOException {
|
||||
createResource(DEFAULT_ENTITLEMENTS, params)
|
||||
.setCategory(
|
||||
I18N.getString("resource.mac-app-store-entitlements"))
|
||||
.setExternal(MAC_APP_STORE_ENTITLEMENTS.fetchFrom(params))
|
||||
.saveToFile(getConfig_Entitlements(params));
|
||||
|
||||
createResource(DEFAULT_INHERIT_ENTITLEMENTS, params)
|
||||
.setCategory(I18N.getString(
|
||||
"resource.mac-app-store-inherit-entitlements"))
|
||||
.saveToFile(getConfig_Entitlements(params));
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
// Implement Bundler
|
||||
///////////////////////////////////////////////////////////////////////
|
||||
|
||||
@ -1,8 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
@ -1,10 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<true/>
|
||||
<key>com.apple.security.inherit</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
@ -46,8 +46,7 @@ error.no.xcode.signing.advice=Install Xcode with command line developer tools.
|
||||
resource.bundle-config-file=Bundle config file
|
||||
resource.app-info-plist=Application Info.plist
|
||||
resource.runtime-info-plist=Java Runtime Info.plist
|
||||
resource.mac-app-store-entitlements=Mac App Store Entitlements
|
||||
resource.mac-app-store-inherit-entitlements=Mac App Store Inherit Entitlements
|
||||
resource.entitlements=Mac Entitlements
|
||||
resource.dmg-setup-script=DMG setup script
|
||||
resource.license-setup=License setup
|
||||
resource.dmg-background=dmg background
|
||||
@ -68,6 +67,7 @@ message.version-string-no-negative-numbers=Negative numbers are not allowed in v
|
||||
message.version-string-numbers-only=Version strings can consist of only numbers and up to two dots.
|
||||
message.creating-association-with-null-extension=Creating association with null extension.
|
||||
message.ignoring.symlink=Warning: codesign is skipping the symlink {0}.
|
||||
message.already.signed=File already signed: {0}.
|
||||
message.keychain.error=Error: unable to get keychain list.
|
||||
message.building-bundle=Building Mac App Store Package for {0}.
|
||||
message.app-image-dir-does-not-exist=Specified application image directory {0}: {1} does not exists.
|
||||
|
||||
@ -46,8 +46,7 @@ error.no.xcode.signing.advice=Xcode\u3068\u30B3\u30DE\u30F3\u30C9\u30E9\u30A4\u3
|
||||
resource.bundle-config-file=\u30D0\u30F3\u30C9\u30EB\u69CB\u6210\u30D5\u30A1\u30A4\u30EB
|
||||
resource.app-info-plist=\u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306EInfo.plist
|
||||
resource.runtime-info-plist=Java\u30E9\u30F3\u30BF\u30A4\u30E0\u306EInfo.plist
|
||||
resource.mac-app-store-entitlements=Mac App Store\u6A29\u9650
|
||||
resource.mac-app-store-inherit-entitlements=Mac App Store\u7D99\u627F\u6A29\u9650
|
||||
resource.entitlements=Mac Entitlements
|
||||
resource.dmg-setup-script=DMG\u8A2D\u5B9A\u30B9\u30AF\u30EA\u30D7\u30C8
|
||||
resource.license-setup=\u30E9\u30A4\u30BB\u30F3\u30B9\u306E\u8A2D\u5B9A
|
||||
resource.dmg-background=dmg\u80CC\u666F
|
||||
@ -68,6 +67,7 @@ message.version-string-no-negative-numbers=\u30D0\u30FC\u30B8\u30E7\u30F3\u6587\
|
||||
message.version-string-numbers-only=\u30D0\u30FC\u30B8\u30E7\u30F3\u6587\u5B57\u5217\u306F\u3001\u6570\u5B57\u30682\u3064\u307E\u3067\u306E\u30C9\u30C3\u30C8\u3067\u306E\u307F\u69CB\u6210\u3067\u304D\u307E\u3059\u3002
|
||||
message.creating-association-with-null-extension=null\u62E1\u5F35\u5B50\u3068\u306E\u95A2\u9023\u4ED8\u3051\u3092\u4F5C\u6210\u3057\u3066\u3044\u307E\u3059\u3002
|
||||
message.ignoring.symlink=\u8B66\u544A: codesign\u304Csymlink {0}\u3092\u30B9\u30AD\u30C3\u30D7\u3057\u3066\u3044\u307E\u3059
|
||||
message.already.signed=File already signed: {0}.
|
||||
message.keychain.error=\u30A8\u30E9\u30FC: \u30AD\u30FC\u30C1\u30A7\u30FC\u30F3\u30FB\u30EA\u30B9\u30C8\u3092\u53D6\u5F97\u3067\u304D\u307E\u305B\u3093\u3002
|
||||
message.building-bundle={0}\u306EMac App Store\u30D1\u30C3\u30B1\u30FC\u30B8\u3092\u4F5C\u6210\u3057\u3066\u3044\u307E\u3059\u3002
|
||||
message.app-image-dir-does-not-exist=\u6307\u5B9A\u3055\u308C\u305F\u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u30FB\u30A4\u30E1\u30FC\u30B8\u30FB\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA {0}: {1}\u306F\u5B58\u5728\u3057\u307E\u305B\u3093\u3002
|
||||
|
||||
@ -46,8 +46,7 @@ error.no.xcode.signing.advice=\u5B89\u88C5\u5E26\u547D\u4EE4\u884C\u5F00\u53D1\u
|
||||
resource.bundle-config-file=\u5305\u914D\u7F6E\u6587\u4EF6
|
||||
resource.app-info-plist=\u5E94\u7528\u7A0B\u5E8F Info.plist
|
||||
resource.runtime-info-plist=Java \u8FD0\u884C\u65F6 Info.plist
|
||||
resource.mac-app-store-entitlements=Mac App Store \u6743\u5229
|
||||
resource.mac-app-store-inherit-entitlements=Mac App Store \u7EE7\u627F\u6743\u5229
|
||||
resource.entitlements=Mac Entitlements
|
||||
resource.dmg-setup-script=DMG \u8BBE\u7F6E\u811A\u672C
|
||||
resource.license-setup=\u8BB8\u53EF\u8BC1\u8BBE\u7F6E
|
||||
resource.dmg-background=DMG \u80CC\u666F
|
||||
@ -68,6 +67,7 @@ message.version-string-no-negative-numbers=\u7248\u672C\u5B57\u7B26\u4E32\u4E2D\
|
||||
message.version-string-numbers-only=\u7248\u672C\u5B57\u7B26\u4E32\u53EA\u80FD\u5305\u542B\u6570\u5B57\u548C\u6700\u591A\u4E24\u4E2A\u70B9\u3002
|
||||
message.creating-association-with-null-extension=\u6B63\u5728\u4F7F\u7528\u7A7A\u6269\u5C55\u540D\u521B\u5EFA\u5173\u8054\u3002
|
||||
message.ignoring.symlink=\u8B66\u544A: codesign \u6B63\u5728\u8DF3\u8FC7\u7B26\u53F7\u94FE\u63A5 {0}\u3002
|
||||
message.already.signed=File already signed: {0}.
|
||||
message.keychain.error=\u9519\u8BEF\uFF1A\u65E0\u6CD5\u83B7\u53D6\u5BC6\u94A5\u94FE\u5217\u8868\u3002
|
||||
message.building-bundle=\u6B63\u5728\u4E3A {0} \u6784\u5EFA Mac App Store \u7A0B\u5E8F\u5305\u3002
|
||||
message.app-image-dir-does-not-exist=\u6307\u5B9A\u7684\u5E94\u7528\u7A0B\u5E8F\u6620\u50CF\u76EE\u5F55 {0}\uFF1A{1} \u4E0D\u5B58\u5728\u3002
|
||||
|
||||
@ -0,0 +1,16 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.security.cs.allow-jit</key>
|
||||
<true/>
|
||||
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
|
||||
<true/>
|
||||
<key>com.apple.security.cs.disable-library-validation</key>
|
||||
<true/>
|
||||
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
|
||||
<true/>
|
||||
<key>com.apple.security.cs.debugger</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
@ -285,9 +285,6 @@ public class Arguments {
|
||||
MAC_SIGNING_KEYCHAIN ("mac-signing-keychain",
|
||||
OptionCategories.PLATFORM_MAC),
|
||||
|
||||
MAC_APP_STORE_ENTITLEMENTS ("mac-app-store-entitlements",
|
||||
OptionCategories.PLATFORM_MAC),
|
||||
|
||||
WIN_MENU_HINT ("win-menu", OptionCategories.PLATFORM_WIN, () -> {
|
||||
setOptionValue("win-menu", true);
|
||||
}),
|
||||
|
||||
@ -109,12 +109,9 @@ class ValidOptions {
|
||||
options.put(CLIOptions.MAC_SIGN.getId(), USE.ALL);
|
||||
options.put(CLIOptions.MAC_BUNDLE_NAME.getId(), USE.ALL);
|
||||
options.put(CLIOptions.MAC_BUNDLE_IDENTIFIER.getId(), USE.ALL);
|
||||
options.put(CLIOptions.MAC_BUNDLE_SIGNING_PREFIX.getId(),
|
||||
USE.ALL);
|
||||
options.put(CLIOptions.MAC_BUNDLE_SIGNING_PREFIX.getId(), USE.ALL);
|
||||
options.put(CLIOptions.MAC_SIGNING_KEY_NAME.getId(), USE.ALL);
|
||||
options.put(CLIOptions.MAC_SIGNING_KEYCHAIN.getId(), USE.ALL);
|
||||
options.put(CLIOptions.MAC_APP_STORE_ENTITLEMENTS.getId(),
|
||||
USE.ALL);
|
||||
}
|
||||
|
||||
if (Platform.getPlatform() == Platform.LINUX) {
|
||||
|
||||
@ -73,17 +73,26 @@ public class SigningBase {
|
||||
.setExecutable("/usr/sbin/spctl")
|
||||
.addArguments("-vvv", "--assess", "--type", type,
|
||||
target.toString())
|
||||
.executeAndGetOutput();
|
||||
// on Catalina, the exit code can be 3, meaning not notarized
|
||||
.saveOutput()
|
||||
.executeWithoutExitCodeCheck()
|
||||
.getOutput();
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
private static void verifySpctlResult(List<String> result, Path target, String type) {
|
||||
result.stream().forEachOrdered(TKit::trace);
|
||||
String lookupString = target.toString() + ": accepted";
|
||||
String lookupString;
|
||||
/* on Catalina, spctl may return 3 and say:
|
||||
* target: rejected
|
||||
* source=Unnotarized DEV_NAME
|
||||
* so we must skip these two checks
|
||||
lookupString = target.toString() + ": accepted";
|
||||
checkString(result, lookupString);
|
||||
lookupString = "source=" + DEV_NAME;
|
||||
checkString(result, lookupString);
|
||||
*/
|
||||
if (type.equals("install")) {
|
||||
lookupString = "origin=" + INSTALLER_CERT;
|
||||
} else {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user