From d394a30471fbb1897b74b286e74067ad56cbe6cd Mon Sep 17 00:00:00 2001 From: Chris Rankin Date: Tue, 7 Mar 2017 09:55:55 +0000 Subject: [PATCH] Merged in corpriv-702 (pull request #25) CORPRIV-702: Sign the DMG with a 'Mac Developer' certificate. * CORPRIV-702: Sign the DMG with a 'Mac Developer' certificate. * CORPRIV-702: Use "Developer ID Application" certificate instead. And now JavaPackager signs the application, which means that we only need to resign our embedded JVM. * CORPRIV-702: Update comment better to explain why JRE must be resigned. Approved-by: Mike Hearn --- .../package/macosx/DemoBench-post-image.sh | 26 +++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/tools/demobench/package/macosx/DemoBench-post-image.sh b/tools/demobench/package/macosx/DemoBench-post-image.sh index 14c2c28bea..1c5341ae09 100644 --- a/tools/demobench/package/macosx/DemoBench-post-image.sh +++ b/tools/demobench/package/macosx/DemoBench-post-image.sh @@ -3,9 +3,31 @@ if [ -z "$JAVA_HOME" ]; then exit 1 fi +function signApplication() { + APPDIR=$1 + IDENTITY=$2 + + # Resign the embedded JRE because we have included "bin/java" + # after javapackager had already signed the JRE installation. + if ! (codesign --force --sign "$IDENTITY" --verbose $APPDIR/Contents/PlugIns/Java.runtime); then + echo "**** Failed to resign the embedded JVM" + return 1 + fi +} + # Switch to folder containing application. cd ../images/image-*/DemoBench.app INSTALL_HOME=Contents/PlugIns/Java.runtime/Contents/Home/jre/bin -mkdir -p $INSTALL_HOME -cp $JAVA_HOME/jre/bin/java $INSTALL_HOME +if (mkdir -p $INSTALL_HOME); then + cp $JAVA_HOME/jre/bin/java $INSTALL_HOME +fi + +# Switch to image directory in order to sign it. +cd .. + +# Sign the application using a 'Developer ID Application' key on our keychain. +if ! (signApplication DemoBench.app "Developer ID Application: "); then + echo "**** Failed to sign the application - ABORT SIGNING" +fi +