> Automate setting up an environment for mac signing tests: create keychain(s), > self-signing certificates, and register them in the system. > > To set up the environment, run `make test-only > TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java > JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=setup` command. > > The above command will create "jpackagerTest.keychain" keychain, one private > RSA key, and four self-signed certificates using this key: > | Certificate common name (CN) | Usage | > |----------------------------------|-----| > | Developer ID Application: jpackage.openjdk.java.net|Code sign| > | Developer ID Installer: jpackage.openjdk.java.net|.pkg sign| > | Developer ID Application: jpackage.openjdk.java.net (ö)|Code sign| > | Developer ID Installer: jpackage.openjdk.java.net (ö)|.pkg sign| > > Certificates will be added to the list of trusted certificates using a > sequence of `security add-trusted-cert...` commands (one command per > certificate). This step will require user interaction to enter the user > account password as many times as the number of created certificates (four). > A user will be presented with the "Trust certificate" dialog describing which > certificate is about to be added to the list of trusted certificates before > the dialog prompting the user password pops up: > <img width="440" alt="trust-cert-prompt" > src="https://github.com/user-attachments/assets/a67d0966-2dea-4bc6-93a6-f52dad599898"; > /> > > When the user presses the "OK" button on the "Trust certificate" dialog, the > dialog prompting the user password will pop up: > <img width="800" alt="trust-cert-prompt-2" > src="https://github.com/user-attachments/assets/1d1f022d-54ac-4a7e-8d0a-9bfe65c76b49"; > /> > > Suppose the user presses the "Cancel" button on the "Trust certificate" > dialog. In that case, the dialog prompting the user password will NOT pop up, > and the whole sequence of adding certificates to the list of trusted > certificates will abort. > > If the user presses the "Cancel" button on the dialog prompting the user > password, it will be dismissed, and the user will start over with the same > "Trust certificate" dialog. > > Every "Trust certificate" dialog has a one-minute timeout. If the dialog is > automatically dismissed because of the timeout expiration, adding > certificates to the list of trusted certificates will abort. > > To tear down the environment, run `make test-only > TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java > JTREG=JAVA_OPTIONS=-Djpackage.test.SignEnv=teardown` command. This command > will unlink and delete...
Alexey Semenyuk has updated the pull request incrementally with one additional commit since the last revision: Make MacSign.setUp() work with LibreSSL. Can specify path to openssl command with "jpackage.test.openssl" system property. Add MacSign.isDeployed(). ------------- Changes: - all: https://git.openjdk.org/jdk/pull/24087/files - new: https://git.openjdk.org/jdk/pull/24087/files/f4d55824..b59c9776 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=24087&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24087&range=00-01 Stats: 209 lines in 1 file changed: 165 ins; 23 del; 21 mod Patch: https://git.openjdk.org/jdk/pull/24087.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24087/head:pull/24087 PR: https://git.openjdk.org/jdk/pull/24087
