8013489: New build system does not run codesign on SA-related launchers on OS X
authorerikj
Wed, 29 May 2013 14:01:04 +0200
changeset 17661 55c5e0f7b9cc
parent 17660 b226baa345a2
child 17662 8cae100e6f14
8013489: New build system does not run codesign on SA-related launchers on OS X Reviewed-by: sla, tbell
common/autoconf/basics.m4
common/autoconf/generated-configure.sh
common/autoconf/spec.gmk.in
common/makefiles/MakeBase.gmk
common/makefiles/NativeCompilation.gmk
--- a/common/autoconf/basics.m4	Wed May 29 13:58:40 2013 +0200
+++ b/common/autoconf/basics.m4	Wed May 29 14:01:04 2013 +0200
@@ -617,6 +617,20 @@
 
 if test "x$OPENJDK_TARGET_OS" = "xmacosx"; then
   BASIC_REQUIRE_PROG(XATTR, xattr)
+  AC_PATH_PROG(CODESIGN, codesign)
+  if test "x$CODESIGN" != "x"; then
+    # Verify that the openjdk_codesign certificate is present
+    AC_MSG_CHECKING([if openjdk_codesign certificate is present])
+    rm -f codesign-testfile
+    touch codesign-testfile
+    codesign -s openjdk_codesign codesign-testfile 2>&AS_MESSAGE_LOG_FD >&AS_MESSAGE_LOG_FD || CODESIGN=
+    rm -f codesign-testfile
+    if test "x$CODESIGN" = x; then
+      AC_MSG_RESULT([no])
+    else
+      AC_MSG_RESULT([yes])
+    fi
+  fi
 fi
 ])
 
--- a/common/autoconf/generated-configure.sh	Wed May 29 13:58:40 2013 +0200
+++ b/common/autoconf/generated-configure.sh	Wed May 29 14:01:04 2013 +0200
@@ -797,6 +797,7 @@
 OS_VERSION_MINOR
 OS_VERSION_MAJOR
 PKG_CONFIG
+CODESIGN
 XATTR
 TIME
 STAT
@@ -3780,7 +3781,7 @@
 #CUSTOM_AUTOCONF_INCLUDE
 
 # Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1369828684
+DATE_WHEN_GENERATED=1369828849
 
 ###############################################################################
 #
@@ -10493,6 +10494,62 @@
     fi
 
 
+  # Extract the first word of "codesign", so it can be a program name with args.
+set dummy codesign; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_CODESIGN+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $CODESIGN in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_CODESIGN="$CODESIGN" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_CODESIGN="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+CODESIGN=$ac_cv_path_CODESIGN
+if test -n "$CODESIGN"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CODESIGN" >&5
+$as_echo "$CODESIGN" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  if test "x$CODESIGN" != "x"; then
+    # Verify that the openjdk_codesign certificate is present
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openjdk_codesign certificate is present" >&5
+$as_echo_n "checking if openjdk_codesign certificate is present... " >&6; }
+    rm -f codesign-testfile
+    touch codesign-testfile
+    codesign -s openjdk_codesign codesign-testfile 2>&5 >&5 || CODESIGN=
+    rm -f codesign-testfile
+    if test "x$CODESIGN" = x; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    else
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+    fi
+  fi
 fi
 
 
--- a/common/autoconf/spec.gmk.in	Wed May 29 13:58:40 2013 +0200
+++ b/common/autoconf/spec.gmk.in	Wed May 29 14:01:04 2013 +0200
@@ -478,6 +478,7 @@
 # CD is going away, but remains to cater for legacy makefiles.
 CD:=cd
 CHMOD:=@CHMOD@
+CODESIGN:=@CODESIGN@
 COMM:=@COMM@
 CP:=@CP@
 CPIO:=@CPIO@
--- a/common/makefiles/MakeBase.gmk	Wed May 29 13:58:40 2013 +0200
+++ b/common/makefiles/MakeBase.gmk	Wed May 29 14:01:04 2013 +0200
@@ -361,8 +361,8 @@
 
 # This is to be called by all SetupFoo macros
 define LogSetupMacroEntry
-    $(if $(26),$(error Internal makefile error: Too many arguments to LogSetupMacroEntry, please update MakeBase.gmk))
-    $(if $(findstring $(LOG_LEVEL),debug trace), $(info $1 $(foreach i,2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25,$(if $($i),$(NEWLINE) $(strip [$i] $($i))))))
+    $(if $(27),$(error Internal makefile error: Too many arguments to LogSetupMacroEntry, please update MakeBase.gmk))
+    $(if $(findstring $(LOG_LEVEL),debug trace), $(info $1 $(foreach i,2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26,$(if $($i),$(NEWLINE) $(strip [$i] $($i))))))
 endef
 
 # Make directory without forking mkdir if not needed
--- a/common/makefiles/NativeCompilation.gmk	Wed May 29 13:58:40 2013 +0200
+++ b/common/makefiles/NativeCompilation.gmk	Wed May 29 14:01:04 2013 +0200
@@ -147,9 +147,9 @@
     #    CC the compiler to use, default is $(CC)
     #    LDEXE the linker to use for linking executables, default is $(LDEXE)
     #    OPTIMIZATION sets optimization level to NONE, LOW, HIGH, HIGHEST
-    $(foreach i,2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25, $(if $($i),$1_$(strip $($i)))$(NEWLINE))
-    $(call LogSetupMacroEntry,SetupNativeCompilation($1),$2,$3,$4,$5,$6,$7,$8,$9,$(10),$(11),$(12),$(13),$(14),$(15),$(16),$(17),$(18),$(19),$(20),$(21),$(22),$(23),$(24),$(25))
-    $(if $(26),$(error Internal makefile error: Too many arguments to SetupNativeCompilation, please update NativeCompilation.gmk))
+    $(foreach i,2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26, $(if $($i),$1_$(strip $($i)))$(NEWLINE))
+    $(call LogSetupMacroEntry,SetupNativeCompilation($1),$2,$3,$4,$5,$6,$7,$8,$9,$(10),$(11),$(12),$(13),$(14),$(15),$(16),$(17),$(18),$(19),$(20),$(21),$(22),$(23),$(24),$(25),$(26))
+    $(if $(27),$(error Internal makefile error: Too many arguments to SetupNativeCompilation, please update NativeCompilation.gmk))
 
     ifneq (,$$($1_BIN))
         $$(error BIN has been replaced with OBJECT_DIR)
@@ -567,6 +567,12 @@
         ifneq (,$$($1_GEN_MANIFEST))
 		$(MT) -nologo -manifest $$($1_GEN_MANIFEST) -outputresource:$$@;#1
         endif
-
+        # This only works if the openjdk_codesign identity is present on the system. Let
+        # silently fail otherwise.
+        ifneq (,$(CODESIGN))
+            ifneq (,$$($1_CODESIGN))
+		$(CODESIGN) -s openjdk_codesign $$@
+            endif
+        endif
     endif
 endef