Skip to content

Commit

Permalink
Enable JMOD signing for Windows
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrew Leonard <[email protected]>
  • Loading branch information
@andrew-m-leonard
andrew-m-leonard committed Sep 29, 2023
1 parent eb7db0c commit 89a2055
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions pipelines/build/common/openjdk_build_pipeline.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1513,15 +1513,15 @@ class Build {
context.unstash 'jmods'
def target_os = "${buildConfig.TARGET_OS}"
context.println "OS = ${target_os}"
context.withEnv(['target_os='+target_os, 'base_path='+base_path]) {
context.withEnv(['base_os='+target_os, 'base_path='+base_path]) {
// groovylint-disable
context.sh '''
#!/bin/bash
set -eu
echo "base_path = ${base_path}"
echo "Signing JMOD files under build path ${base_path} for target_os ${target_os}"
echo "Signing JMOD files under build path ${base_path} for base_os ${base_os}"
TMP_DIR="${base_path}/"
if [ "${target_os}" == "mac" ]; then
if [ "${base_os}" == "mac" ]; then
ENTITLEMENTS="$WORKSPACE/entitlements.plist"
FILES=$(find "${TMP_DIR}" -perm +111 -type f -o -name '*.dylib' -type f || find "${TMP_DIR}" -perm /111 -type f -o -name '*.dylib' -type f)
else
Expand All @@ -1533,15 +1533,15 @@ class Build {
dir=$(dirname "$f")
file=$(basename "$f")
mv "$f" "${dir}/unsigned_${file}"
if [ "${target_os}" == "mac" ]; then
if [ "${base_os}" == "mac" ]; then
curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" -F entitlements="@$ENTITLEMENTS" https://cbi.eclipse.org/macos/codesign/sign
else
curl --fail --silent --show-error -o "$f" -F file="@${dir}/unsigned_${file}" https://cbi.eclipse.org/authenticode/sign
fi
chmod --reference="${dir}/unsigned_${file}" "$f"
# Verify it was Signed..
echo "Verify Signature for $f"
if [ "${target_os}" == "mac" ]; then
if [ "${base_os}" == "mac" ]; then
if ! codesign -v --verify $f; then
echo "Warning: $f failed to be signed, attempting one more time..."
rm -rf "$f"
Expand All @@ -1563,7 +1563,7 @@ class Build {
for f in $FILES
do
echo "Verify Signature for $f"
if [ "${target_os}" == "mac" ]; then
if [ "${base_os}" == "mac" ]; then
if ! codesign -v --verify $f; then
echo "ERROR: $f has not been signed"
exit 1
Expand Down

0 comments on commit 89a2055

Please sign in to comment.