From a1c4c8a41ee37c2f56ced2598ffb124decc28c6d Mon Sep 17 00:00:00 2001
From: Alexey Tsvetkov <654232+AlexeyTsvetkov@users.noreply.github.com>
Date: Wed, 19 Jan 2022 13:38:56 +0300
Subject: [PATCH] Unsign dylibs when packaging with JDK 17 (#1703)

Resolves #1666
---
 examples/widgets-gallery/desktop/build.gradle.kts  |  4 ++++
 examples/widgets-gallery/gradle.properties         |  4 ++--
 .../gradle/wrapper/gradle-wrapper.properties       |  2 +-
 .../application/internal/JavaRuntimeProperties.kt  |  3 ++-
 .../desktop/application/internal/MacSigner.kt      | 10 ++++++++++
 .../application/internal/configureApplication.kt   | 14 +++++++++++---
 .../files/MacJarSignFileCopyingProcessor.kt        | 14 +++++++++++++-
 .../AbstractCheckNativeDistributionRuntime.kt      |  6 +++---
 .../application/tasks/AbstractJPackageTask.kt      | 11 ++++++++++-
 9 files changed, 56 insertions(+), 12 deletions(-)

diff --git a/examples/widgets-gallery/desktop/build.gradle.kts b/examples/widgets-gallery/desktop/build.gradle.kts
index 0fd8b2e514..43706a4d6b 100644
--- a/examples/widgets-gallery/desktop/build.gradle.kts
+++ b/examples/widgets-gallery/desktop/build.gradle.kts
@@ -35,6 +35,10 @@ compose.desktop {
                 // see https://wixtoolset.org/documentation/manual/v3/howtos/general/generate_guids.html
                 upgradeUuid = "a61b72be-1b0c-4de5-9607-791c17687428"
             }
+
+            macOS {
+                bundleID = "org.jetbrains.compose.demo.widgets"
+            }
         }
     }
 }
diff --git a/examples/widgets-gallery/gradle.properties b/examples/widgets-gallery/gradle.properties
index a44945beaa..20a9ad100b 100644
--- a/examples/widgets-gallery/gradle.properties
+++ b/examples/widgets-gallery/gradle.properties
@@ -20,5 +20,5 @@ android.enableJetifier=true
 # Kotlin code style for this project: "official" or "obsolete":
 kotlin.code.style=official
 kotlin.version=1.6.10
-compose.version=1.0.1-rc2
-agp.version=4.2.2
+compose.version=1.0.1
+agp.version=7.0.4
diff --git a/examples/widgets-gallery/gradle/wrapper/gradle-wrapper.properties b/examples/widgets-gallery/gradle/wrapper/gradle-wrapper.properties
index 05679dc3c1..2e6e5897b5 100644
--- a/examples/widgets-gallery/gradle/wrapper/gradle-wrapper.properties
+++ b/examples/widgets-gallery/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.1.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/JavaRuntimeProperties.kt b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/JavaRuntimeProperties.kt
index cdf145fdf8..ddb02b6b7c 100644
--- a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/JavaRuntimeProperties.kt
+++ b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/JavaRuntimeProperties.kt
@@ -11,7 +11,8 @@ import java.io.ObjectOutputStream
 import java.io.Serializable
 
 internal data class JavaRuntimeProperties(
-    val availableModules: List<String>
+    val majorVersion: Int,
+    val availableModules: List<String>,
 ) : Serializable {
     companion object {
         @Suppress("unused")
diff --git a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/MacSigner.kt b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/MacSigner.kt
index 3eb6e80cab..5fd61949a1 100644
--- a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/MacSigner.kt
+++ b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/MacSigner.kt
@@ -51,6 +51,16 @@ internal class MacSigner(
         runExternalTool(MacUtils.codesign, args)
     }
 
+    fun unsign(file: File) {
+        val args = listOf(
+            "-vvvv",
+            "--remove-signature",
+            file.absolutePath
+        )
+        runExternalTool(MacUtils.codesign, args)
+
+    }
+
     private fun findCertificate(certificates: String): String {
         val regex = Pattern.compile("\"alis\"<blob>=\"([^\"]+)\"")
         val m = regex.matcher(certificates)
diff --git a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/configureApplication.kt b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/configureApplication.kt
index 78015f52c5..25f9cc789e 100644
--- a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/configureApplication.kt
+++ b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/configureApplication.kt
@@ -112,7 +112,8 @@ internal fun Project.configurePackagingTasks(apps: Collection<Application>) {
             configurePackagingTask(
                 app,
                 createRuntimeImage = createRuntimeImage,
-                prepareAppResources = prepareAppResources
+                prepareAppResources = prepareAppResources,
+                checkRuntime = checkRuntime
             )
         }
 
@@ -131,7 +132,8 @@ internal fun Project.configurePackagingTasks(apps: Collection<Application>) {
                     configurePackagingTask(
                         app,
                         createRuntimeImage = createRuntimeImage,
-                        prepareAppResources = prepareAppResources
+                        prepareAppResources = prepareAppResources,
+                        checkRuntime = checkRuntime
                     )
                 } else {
                     configurePackagingTask(app, createAppImage = createDistributable)
@@ -184,7 +186,8 @@ internal fun AbstractJPackageTask.configurePackagingTask(
     app: Application,
     createAppImage: TaskProvider<AbstractJPackageTask>? = null,
     createRuntimeImage: TaskProvider<AbstractJLinkTask>? = null,
-    prepareAppResources: TaskProvider<Sync>? = null
+    prepareAppResources: TaskProvider<Sync>? = null,
+    checkRuntime: TaskProvider<AbstractCheckNativeDistributionRuntime>? = null
 ) {
     enabled = targetFormat.isCompatibleWithCurrentOS
 
@@ -204,6 +207,11 @@ internal fun AbstractJPackageTask.configurePackagingTask(
         appResourcesDir.set(resourcesDir)
     }
 
+    checkRuntime?.let { checkRuntime ->
+        dependsOn(checkRuntime)
+        javaRuntimePropertiesFile.set(checkRuntime.flatMap { it.javaRuntimePropertiesFile })
+    }
+
     configurePlatformSettings(app)
 
     app.nativeDistributions.let { executables ->
diff --git a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/files/MacJarSignFileCopyingProcessor.kt b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/files/MacJarSignFileCopyingProcessor.kt
index 31f7999ad6..b7888b4979 100644
--- a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/files/MacJarSignFileCopyingProcessor.kt
+++ b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/internal/files/MacJarSignFileCopyingProcessor.kt
@@ -15,6 +15,7 @@ import java.util.zip.ZipOutputStream
 internal class MacJarSignFileCopyingProcessor(
     private val signer: MacSigner,
     private val tempDir: File,
+    private val jvmRuntimeVersion: Int
 ) : FileCopyingProcessor {
     override fun copy(source: File, target: File) {
         if (source.isJarFile) {
@@ -22,7 +23,18 @@ internal class MacJarSignFileCopyingProcessor(
         } else {
             SimpleFileCopyingProcessor.copy(source, target)
             if (source.name.isDylibPath) {
-                signer.sign(target)
+                when {
+                    jvmRuntimeVersion < 17 -> signer.sign(target)
+                    /**
+                     * JDK 17 started to sign non-jar dylibs,
+                     * but it fails, when libs are already signed,
+                     * so we need to remove signature before running jpackage.
+                     *
+                     * JDK 18 processes signed libraries fine, so we don't have to do anything.
+                     */
+                    jvmRuntimeVersion == 17 -> signer.unsign(target)
+                    else -> {}
+                }
             }
         }
     }
diff --git a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractCheckNativeDistributionRuntime.kt b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractCheckNativeDistributionRuntime.kt
index 000c1e5a47..2cddc31a5e 100644
--- a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractCheckNativeDistributionRuntime.kt
+++ b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractCheckNativeDistributionRuntime.kt
@@ -47,14 +47,14 @@ abstract class AbstractCheckNativeDistributionRuntime : AbstractComposeDesktopTa
     @TaskAction
     fun run() {
         val javaRuntimeVersion = try {
-            getJavaRuntimeVersionUnsafe()
+            getJavaRuntimeVersionUnsafe()?.toIntOrNull() ?: -1
         } catch (e: Exception) {
             throw IllegalStateException(
                 "Could not infer Java runtime version for Java home directory: ${javaHome.get()}", e
             )
         }
 
-        check((javaRuntimeVersion?.toIntOrNull() ?: -1) >= MIN_JAVA_RUNTIME_VERSION) {
+        check(javaRuntimeVersion >= MIN_JAVA_RUNTIME_VERSION) {
             """|Packaging native distributions requires JDK runtime version >= $MIN_JAVA_RUNTIME_VERSION
                |Actual version: '${javaRuntimeVersion ?: "<unknown>"}'
                |Java home: ${javaHome.get()}
@@ -76,7 +76,7 @@ abstract class AbstractCheckNativeDistributionRuntime : AbstractComposeDesktopTa
             }
         )
 
-        val properties = JavaRuntimeProperties(modules)
+        val properties = JavaRuntimeProperties(javaRuntimeVersion, modules)
         JavaRuntimeProperties.writeToFile(properties, javaRuntimePropertiesFile.ioFile)
     }
 
diff --git a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractJPackageTask.kt b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractJPackageTask.kt
index 1a988cff82..6f30ee2927 100644
--- a/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractJPackageTask.kt
+++ b/gradle-plugins/compose/src/main/kotlin/org/jetbrains/compose/desktop/application/tasks/AbstractJPackageTask.kt
@@ -193,6 +193,10 @@ abstract class AbstractJPackageTask @Inject constructor(
     @get:Optional
     internal val macExtraPlistKeysRawXml: Property<String?> = objects.nullableProperty()
 
+    @get:InputFile
+    @get:Optional
+    val javaRuntimePropertiesFile: RegularFileProperty = objects.fileProperty()
+
     @get:Optional
     @get:Nested
     internal var nonValidatedMacSigningSettings: MacOSSigningSettings? = null
@@ -408,7 +412,12 @@ abstract class AbstractJPackageTask @Inject constructor(
                 fileOperations.delete(tmpDirForSign)
                 tmpDirForSign.mkdirs()
 
-                MacJarSignFileCopyingProcessor(signer, tmpDirForSign)
+                val jvmRuntimeInfo = JavaRuntimeProperties.readFromFile(javaRuntimePropertiesFile.ioFile)
+                MacJarSignFileCopyingProcessor(
+                    signer,
+                    tmpDirForSign,
+                    jvmRuntimeVersion = jvmRuntimeInfo.majorVersion
+                )
             } ?: SimpleFileCopyingProcessor
         fun copyFileToLibsDir(sourceFile: File): File {
             val targetFileName =