Bug ID: 7162714 Sign MacOS installers to work with Gatekeeper in 10.8

7162714 : Sign MacOS installers to work with Gatekeeper in 10.8

Details

Type:	Enhancement	Submit Date:	2012-04-19
Status:	Closed	Updated Date:	2013-04-01
Project Name:	JDK	Resolved Date:	2012-07-27
Component:	infrastructure	OS:	other,os_x
Sub-Component:	release_eng	CPU:	x86,generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	7,7u4,7u5,7u6
Fixed Versions:	7u6

Related Reports

Duplicate:	JDK-7162934 - Mac OS X installers are not signed to work with Gatekeeper in 10.8
Duplicate:	JDK-7112802 - jinfo fails to attach on MacOS X
Duplicate:	JDK-7142813 - sun/tools/jmap/Basic.sh failing on Mac OS X
Relates:	JDK-7163524 - Add SecTaskAccess attribute to jstack [macosx]
Relates:	JDK-7185367 - Sign specific binaries for Mac OS X

Sub Tasks

Description

Based on the requirement from Staffan Larsen, the binary deliverables for MacOS should be signed with Oracle certificates, equivalently to what's done with Windows binaries.

Comments

SUGGESTED FIX

1. downloaded and installed xcode to 4.3.3 on build machines
   -- at the end of installation, removed the old 4.2 installation
2. downloaded and installed command line tool
3, downloaded and installed auxiliary tool (to get PackageMaker)
   -- PackageMaker is a separate installation. Get it from:
http://adcdownload.apple.com/Developer_Tools/auxiliary_tools_for_xcode__february_2012/auxiliary_tools_for_xcode.dmg

Double-click on the disk image.

-- From a terminal window, open up the Applications folder inside Xcode so it shows up in the Finder. 

% open /Applications/Xcode.app/Contents/Applications/

Copy PackageMaker.app from the disk image to here.

-- Create symlinks so the install part of the build will work.

% cd /Applications/Xcode.app/Contents/Developer/usr/bin
% ln -s /Applications/Xcode.app/Contents/Applications/PackageMaker.app/Contents/MacOS/PackageMaker
% ln -s /usr/libexec/PlistBuddy

-- For the signing part of the build, use 

% productsign --sign "Developer ID Installer" --keychain InstallerSigning.keychain /path/to/.pkg /path/to/output_file

2012-07-17

EVALUATION

According to Scott, we'll need to sign the .pkg with apple's certificate and
before it's bundled into the .dmg.

2012-07-17

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together