Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent jdk11+ from running external sign.sh as already signed during… #4083

Merged
merged 3 commits into from
Dec 11, 2024
Merged

Prevent jdk11+ from running external sign.sh as already signed during… #4083

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
488ca93
Prevent jdk11+ from running external sign.sh as already signed during…
andrew-m-leonard Dec 10, 2024
e194ae3
Prevent jdk11+ from running external sign.sh as already signed during…
andrew-m-leonard Dec 10, 2024
b90d202
Update comment
andrew-m-leonard Dec 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions build-farm/sign-releases.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

export SIGN_TOOL
export OPERATING_SYSTEM
export VERSION

if [ "${OPERATING_SYSTEM}" == "mac" ] ; then
EXTENSION="tar.gz"
Expand Down
15 changes: 14 additions & 1 deletion sign.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ signRelease()
do
echo "Signing ${f}"
if [ "$SIGN_TOOL" = "eclipse" ]; then
if [ "${VERSION}" = "8" ]; then
echo "Signing $f using Eclipse Foundation codesign service"
dir=$(dirname "$f")
file=$(basename "$f")
Expand Down Expand Up @@ -109,6 +110,9 @@ signRelease()
fi
chmod --reference="${dir}/unsigned_${file}" "$f"
rm -rf "${dir}/unsigned_${file}"
else
echo "Eclipse signing for JDK version ${VERSION} does not externally sign Windows executables post-build"
fi
else
STAMPED=false
for SERVER in $TIMESTAMPSERVERS; do
Expand Down Expand Up @@ -145,7 +149,16 @@ signRelease()

# Sign all files with the executable permission bit set.

FILES=$(find "${TMP_DIR}" -perm +111 -type f -not -name '.*' -o -name '*.dylib' || find "${TMP_DIR}" -perm /111 -type f -not -name '.*' -o -name '*.dylib')
if [ "$SIGN_TOOL" = "eclipse" ] && [ "${VERSION}" != "8" ]; then
# On MacOSX, libjli.dylib is copied in two places. Once in Contents/home/lib/libjli.dylib and once in
# Contents/MacOS/libjli.dylib. The latter is the bundle executable entry-point and hasn't been signed by
# by the build in contrast to content in Contents/home. Therefore, Eclipse jdk-11+ post-build signing should
# only sign the libjli.dylib bundle executable in Contents/MacOS, as there rest are already internally signed
# in the build
FILES=$(find . -name 'libjli.dylib' | grep 'Contents/MacOS' || true)
else
FILES=$(find "${TMP_DIR}" -perm +111 -type f -not -name '.*' -o -name '*.dylib' || find "${TMP_DIR}" -perm /111 -type f -not -name '.*' -o -name '*.dylib')
fi
if [ "$FILES" == "" ]; then
echo "No files to sign"
elif [ "$SIGN_TOOL" = "eclipse" ]; then
Expand Down
Loading