On Mon, 17 Mar 2025 19:51:36 GMT, Alexey Semenyuk <asemen...@openjdk.org> wrote:
> Automate setting up an environment for mac signing tests: create keychain(s), > self-signing certificates, and register them in the system. > > To set up the environment, run `make test-only > TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java > JTREG=JAVA_OPTIONS=-Djpackage.test.MacSignTests=setup` command. > > The above command will create "jpackagerTest.keychain" keychain, one private > RSA key, and four self-signed certificates using this key: > | Certificate common name (CN) | Usage | > |----------------------------------|-----| > | Developer ID Application: jpackage.openjdk.java.net|Code sign| > | Developer ID Installer: jpackage.openjdk.java.net|.pkg sign| > | Developer ID Application: jpackage.openjdk.java.net (ö)|Code sign| > | Developer ID Installer: jpackage.openjdk.java.net (ö)|.pkg sign| > > Certificates will be added to the list of trusted certificates using a > sequence of `security add-trusted-cert...` commands (one command per > certificate). This step will require user interaction to enter the user > account password as many times as the number of created certificates (four). > A user will be presented with the "Trust certificate" dialog describing which > certificate is about to be added to the list of trusted certificates before > the dialog prompting the user password pops up: > <img width="440" alt="trust-cert-prompt" > src="https://github.com/user-attachments/assets/a67d0966-2dea-4bc6-93a6-f52dad599898"; > /> > > When the user presses the "OK" button on the "Trust certificate" dialog, the > dialog prompting the user password will pop up: > <img width="800" alt="trust-cert-prompt-2" > src="https://github.com/user-attachments/assets/1d1f022d-54ac-4a7e-8d0a-9bfe65c76b49"; > /> > > Suppose the user presses the "Cancel" button on the "Trust certificate" > dialog. In that case, the dialog prompting the user password will NOT pop up, > and the whole sequence of adding certificates to the list of trusted > certificates will abort. > > If the user presses the "Cancel" button on the dialog prompting the user > password, it will be dismissed, and the user will start over with the same > "Trust certificate" dialog. > > Every "Trust certificate" dialog has a one-minute timeout. If the dialog is > automatically dismissed because of the timeout expiration, adding > certificates to the list of trusted certificates will abort. > > To tear down the environment, run `make test-only > TEST=test/jdk/tools/jpackage/macosx/base/SigningBase.java > JTREG=JAVA_OPTIONS=-Djpackage.test.MacSignTests=teardown` command. This > command will unlink ... This pull request has now been integrated. Changeset: 2c60fc51 Author: Alexey Semenyuk <asemen...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/2c60fc5189b9ecec8460c130a0c939195dfa5ffb Stats: 1266 lines in 6 files changed: 1252 ins; 3 del; 11 mod 8352176: Automate setting up environment for mac signing tests Reviewed-by: almatvee ------------- PR: https://git.openjdk.org/jdk/pull/24087
