8276837: [macos]: Error when signing the additional launcher

Andy Herrick · Andy Herrick · commit 7696897932a3 · 2021-12-02T14:08:33.000Z
Reviewed-by: asemenyuk, almatvee
diff --git a/src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java b/src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java
@@ -593,7 +593,6 @@ public static void addNewKeychain(Map<String, ? super Object> params)
             Log.error(I18N.getString("message.keychain.error"));
             return;
         }
-
         boolean contains = keychainList.stream().anyMatch(
                     str -> str.trim().equals("\""+keyChainPath.trim()+"\""));
         if (contains) {
@@ -608,7 +607,9 @@ public static void addNewKeychain(Map<String, ? super Object> params)
             if (path.startsWith("\"") && path.endsWith("\"")) {
                 path = path.substring(1, path.length()-1);
             }
-            keyChains.add(path);
+            if (!keyChains.contains(path)) {
+                keyChains.add(path);
+            }
         });
 
         List<String> args = new ArrayList<>();
@@ -682,27 +683,23 @@ static void signAppBundle(
                     Log.verbose(MessageFormat.format(I18N.getString(
                             "message.ignoring.symlink"), p.toString()));
                 } else {
-                    List<String> args;
-                    // runtime and Framework files will be signed below
-                    // but they need to be unsigned first here
-                    if ((p.toString().contains("/Contents/runtime")) ||
-                        (p.toString().contains("/Contents/Frameworks"))) {
-
-                        args = new ArrayList<>();
-                        args.addAll(Arrays.asList("/usr/bin/codesign",
-                                "--remove-signature", p.toString()));
-                        try {
-                            Set<PosixFilePermission> oldPermissions =
-                                    Files.getPosixFilePermissions(p);
-                            p.toFile().setWritable(true, true);
-                            ProcessBuilder pb = new ProcessBuilder(args);
-                            IOUtils.exec(pb);
-                            Files.setPosixFilePermissions(p,oldPermissions);
-                        } catch (IOException ioe) {
-                            Log.verbose(ioe);
-                            toThrow.set(ioe);
-                            return;
-                        }
+                    // unsign everything before signing
+                    List<String> args = new ArrayList<>();
+                    args.addAll(Arrays.asList("/usr/bin/codesign",
+                            "--remove-signature", p.toString()));
+                    try {
+                        Set<PosixFilePermission> oldPermissions =
+                                Files.getPosixFilePermissions(p);
+                        p.toFile().setWritable(true, true);
+                        ProcessBuilder pb = new ProcessBuilder(args);
+                        // run quietly
+                        IOUtils.exec(pb, false, null, false,
+                                Executor.INFINITE_TIMEOUT, true);
+                        Files.setPosixFilePermissions(p,oldPermissions);
+                    } catch (IOException ioe) {
+                        Log.verbose(ioe);
+                        toThrow.set(ioe);
+                        return;
                     }
                     args = new ArrayList<>();
                     args.addAll(Arrays.asList("/usr/bin/codesign",
@@ -727,7 +724,9 @@ static void signAppBundle(
                                 Files.getPosixFilePermissions(p);
                         p.toFile().setWritable(true, true);
                         ProcessBuilder pb = new ProcessBuilder(args);
-                        IOUtils.exec(pb);
+                        // run quietly
+                        IOUtils.exec(pb, false, null, false,
+                                Executor.INFINITE_TIMEOUT, true);
                         Files.setPosixFilePermissions(p, oldPermissions);
                     } catch (IOException ioe) {
                         toThrow.set(ioe);
diff --git a/src/jdk.jpackage/share/classes/jdk/jpackage/internal/IOUtils.java b/src/jdk.jpackage/share/classes/jdk/jpackage/internal/IOUtils.java
@@ -190,14 +190,24 @@ static void exec(ProcessBuilder pb, boolean testForPresenceOnly,
     static void exec(ProcessBuilder pb, boolean testForPresenceOnly,
             PrintStream consumer, boolean writeOutputToFile, long timeout)
             throws IOException {
+        exec(pb, testForPresenceOnly, consumer, writeOutputToFile,
+                Executor.INFINITE_TIMEOUT, false);
+    }
+
+    static void exec(ProcessBuilder pb, boolean testForPresenceOnly,
+            PrintStream consumer, boolean writeOutputToFile,
+            long timeout, boolean quiet) throws IOException {
         List<String> output = new ArrayList<>();
-        Executor exec = Executor.of(pb).setWriteOutputToFile(writeOutputToFile)
-                .setTimeout(timeout).setOutputConsumer(lines -> {
-            lines.forEach(output::add);
-            if (consumer != null) {
-                output.forEach(consumer::println);
-            }
-        });
+        Executor exec = Executor.of(pb)
+                .setWriteOutputToFile(writeOutputToFile)
+                .setTimeout(timeout)
+                .setQuiet(quiet)
+                .setOutputConsumer(lines -> {
+                    lines.forEach(output::add);
+                    if (consumer != null) {
+                        output.forEach(consumer::println);
+                    }
+                });
 
         if (testForPresenceOnly) {
             exec.execute();
diff --git a/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java b/test/jdk/tools/jpackage/macosx/SigningAppImageTest.java
@@ -24,6 +24,7 @@
 import java.nio.file.Path;
 import jdk.jpackage.test.JPackageCommand;
 import jdk.jpackage.test.Annotations.Test;
+import jdk.jpackage.test.AdditionalLauncher;
 
 /**
  * Tests generation of app image with --mac-sign and related arguments. Test will
@@ -65,11 +66,17 @@ public static void test() throws Exception {
         cmd.addArguments("--mac-sign", "--mac-signing-key-user-name",
                 SigningBase.DEV_NAME, "--mac-signing-keychain",
                 SigningBase.KEYCHAIN);
+
+        AdditionalLauncher testAL = new AdditionalLauncher("testAL");
+        testAL.applyTo(cmd);
         cmd.executeAndAssertHelloAppImageCreated();
 
         Path launcherPath = cmd.appLauncherPath();
         SigningBase.verifyCodesign(launcherPath, true);
 
+        Path testALPath = launcherPath.getParent().resolve("testAL");
+        SigningBase.verifyCodesign(testALPath, true);
+
         Path appImage = cmd.outputBundle();
         SigningBase.verifyCodesign(appImage, true);
         SigningBase.verifySpctl(appImage, "exec");
