On Thu, 27 Feb 2025 06:23:17 GMT, Julian Waters <[email protected]> wrote:
>> OpenJDK vendors who provide binary distributions for the Windows and macOS >> platforms generally need to ensure that every native executable file and >> dynamic library that are part of the binary builds are digitally signed >> using a set of OS specific APIs. >> >> The JDK build systems already provides the ability to invoke Apple code >> signing API during the build on macOS, but there is no equivalent support >> for Windows.which means that each vendor has had to come up with their own >> way to integrate the code signing step into their build pipeline. >> As the shape of the JDK binary deliverable evolved to accommodate features >> like modules, signing binaries as an after-the-fact process has gradually >> become more complicated and error prone, in particular with regard to the >> introduction of JEP 493. >> >> This change aims to solve this by introducing a "signing hook" that users >> can use to specify a custom script that will be invoked by the build system >> for every native executable of library compiled and linked as part of the >> build target. >> This is to provide enough flexibility for each vendor to include their own >> specific configuration and/or signing logic, not limited to a specific set >> of platforms. > > Leaving a comment here so I'm notified of any developments on this Pull > Request @TheShermanTanker FYI: You can just click the "Subscribe" button in the right-most column in the Github issue. ------------- PR Comment: https://git.openjdk.org/jdk/pull/23807#issuecomment-2706777881
