Merged in corpriv-702 (pull request #25)

CORPRIV-702: Sign the DMG with a 'Mac Developer' certificate. * CORPRIV-702: Sign the DMG with a 'Mac Developer' certificate. * CORPRIV-702: Use "Developer ID Application" certificate instead. And now JavaPackager signs the application, which means that we only need to resign our embedded JVM. * CORPRIV-702: Update comment better to explain why JRE must be resigned. Approved-by: Mike Hearn
2024-12-28 00:38:55 +00:00 · 2017-03-07 09:55:55 +00:00 · 2017-03-07 09:55:55 +00:00 · d394a30471
commit d394a30471
parent 39dacac330
1 changed files with 24 additions and 2 deletions
--- a/tools/demobench/package/macosx/DemoBench-post-image.sh
+++ b/tools/demobench/package/macosx/DemoBench-post-image.sh
@ -3,9 +3,31 @@ if [ -z "$JAVA_HOME" ]; then
    exit 1
 fi

+function signApplication() {
+    APPDIR=$1
+    IDENTITY=$2
+
+    # Resign the embedded JRE because we have included "bin/java"
+    # after javapackager had already signed the JRE installation.
+    if ! (codesign --force --sign "$IDENTITY" --verbose $APPDIR/Contents/PlugIns/Java.runtime); then
+        echo "**** Failed to resign the embedded JVM"
+        return 1
+    fi
+}
+
 # Switch to folder containing application.
 cd ../images/image-*/DemoBench.app

 INSTALL_HOME=Contents/PlugIns/Java.runtime/Contents/Home/jre/bin
-mkdir -p $INSTALL_HOME
-cp $JAVA_HOME/jre/bin/java $INSTALL_HOME
+if (mkdir -p $INSTALL_HOME); then
+    cp $JAVA_HOME/jre/bin/java $INSTALL_HOME
+fi
+
+# Switch to image directory in order to sign it.
+cd ..
+
+# Sign the application using a 'Developer ID Application' key on our keychain.
+if ! (signApplication DemoBench.app "Developer ID Application: "); then
+    echo "**** Failed to sign the application - ABORT SIGNING"
+fi
+