On Sun, 18 Jan 2026 07:34:45 GMT, Alexey Semenyuk <[email protected]> wrote:
> Restore the logic of how jpackage handles cases when the "--mac-sign" option > is specified without the "--mac-signing-key-user-name" or > "--mac-app-image-sign-identity" option. > > Make it work as it did prior to the > [JDK-8333664](https://bugs.openjdk.org/browse/JDK-8333664) patch, which > caused jpackage to silently ignore the "--mac-sign" option and not sign the > output bundle. > > The restored behavior is as follows: > > If the "--mac-sign" option is specified, jpackage will always attempt to sign > the output bundle. > > If none of the signing identity options ("--mac-signing-key-user-name", > "--mac-app-image-sign-identity", or "--mac-installer-sign-identity") is > specified, jpackage will look up for a signing identity (or signing > identities in case of PKG bundling) in the keychain specified with the > "--mac-signing-keychain", or in the default keychain of the current user if > the "--mac-signing-keychain" option is not specified. > > If the keychain contains exactly one signing certificate of a specific type > (a certificate for signing an app image or a certificate for signing a PKG > installer), jpackage will use it for signing. Otherwise, jpackage will exit > with an error. > > Added tests to cover the cases when the "--mac-sign" option is specified and > the keychain has/doesn't have signing certificates. This pull request has now been integrated. Changeset: 4a6de12b Author: Alexey Semenyuk <[email protected]> URL: https://git.openjdk.org/jdk/commit/4a6de12b3a356b4aec9049ec3ee1ee26cd4517bf Stats: 1429 lines in 20 files changed: 1295 ins; 35 del; 99 mod 8371438: jpackage should handle the case when "--mac-sign" is specified without signing identity options Reviewed-by: almatvee ------------- PR: https://git.openjdk.org/jdk/pull/29290
