Bug 572876: Sign .jnilib files in JNA so that macOS can notarize

Change-Id: Id0561cff71089f27974346b64b4f0c2a6e4fabea
diff --git a/jna/com.sun.jna_4.1.0/eclipse-sign-jnilibs.properties b/jna/com.sun.jna_4.1.0/eclipse-sign-jnilibs.properties
new file mode 100644
index 0000000..acedac7
--- /dev/null
+++ b/jna/com.sun.jna_4.1.0/eclipse-sign-jnilibs.properties
@@ -0,0 +1,2 @@
+# This file tells the Maven build to sign the jnilibs contained in built jar
+# see the eclipse-sign-jnilibs profile defined in the parent pom
diff --git a/jna/com.sun.jna_4.5.1/eclipse-sign-jnilibs.properties b/jna/com.sun.jna_4.5.1/eclipse-sign-jnilibs.properties
new file mode 100644
index 0000000..acedac7
--- /dev/null
+++ b/jna/com.sun.jna_4.5.1/eclipse-sign-jnilibs.properties
@@ -0,0 +1,2 @@
+# This file tells the Maven build to sign the jnilibs contained in built jar
+# see the eclipse-sign-jnilibs profile defined in the parent pom
diff --git a/jna/com.sun.jna_5.6.0/eclipse-sign-jnilibs.properties b/jna/com.sun.jna_5.6.0/eclipse-sign-jnilibs.properties
new file mode 100644
index 0000000..acedac7
--- /dev/null
+++ b/jna/com.sun.jna_5.6.0/eclipse-sign-jnilibs.properties
@@ -0,0 +1,2 @@
+# This file tells the Maven build to sign the jnilibs contained in built jar
+# see the eclipse-sign-jnilibs profile defined in the parent pom
diff --git a/jna/com.sun.jna_5.8.0/eclipse-sign-jnilibs.properties b/jna/com.sun.jna_5.8.0/eclipse-sign-jnilibs.properties
new file mode 100644
index 0000000..acedac7
--- /dev/null
+++ b/jna/com.sun.jna_5.8.0/eclipse-sign-jnilibs.properties
@@ -0,0 +1,2 @@
+# This file tells the Maven build to sign the jnilibs contained in built jar
+# see the eclipse-sign-jnilibs profile defined in the parent pom
diff --git a/releng/mavenparent/pom.xml b/releng/mavenparent/pom.xml
index 0c24bf2..7f688da 100644
--- a/releng/mavenparent/pom.xml
+++ b/releng/mavenparent/pom.xml
@@ -184,6 +184,54 @@
       </build>
     </profile>
     <profile>
+      <id>eclipse-sign-jnilibs</id>
+      <!-- See releng/scripts/sign-jnilibs.sh for documentation -->
+      <activation>
+        <property>
+          <name>eclipse-sign</name>
+        </property>
+        <file>
+          <exists>eclipse-sign-jnilibs.properties</exists>
+        </file>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.eclipse.ebr</groupId>
+            <artifactId>ebr-maven-plugin</artifactId>
+          </plugin>
+          <plugin>
+            <artifactId>maven-antrun-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>sign-jnilibs</id>
+                <phase>package</phase>
+                <goals>
+                  <goal>run</goal>
+                </goals>
+                <configuration>
+                  <target>
+                    <exec executable="${project.basedir}/../../releng/scripts/sign-jnilibs.sh" newenvironment="false" failOnError="true" dir="${project.build.directory}">
+                        <arg value="${project.build.directory}/${project.artifactId}-${project.version}.jar" />
+                    </exec>
+                  </target>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+          <!-- The pack200 plugins are explicitly listed to ensure that they run after the sign-jnilibs runs-->
+          <plugin>
+            <groupId>org.eclipse.tycho.extras</groupId>
+            <artifactId>tycho-pack200a-plugin</artifactId>
+          </plugin>
+          <plugin>
+            <groupId>org.eclipse.tycho.extras</groupId>
+            <artifactId>tycho-pack200b-plugin</artifactId>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+    <profile>
       <id>eclipse-sign</id>
       <activation>
         <property>
@@ -481,6 +529,16 @@
           <version>3.8.1</version>
         </plugin>
         <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-antrun-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+        <plugin>
+          <groupId>org.apache.maven.plugins</groupId>
+          <artifactId>maven-assembly-plugin</artifactId>
+          <version>3.3.0</version>
+        </plugin>
+        <plugin>
           <groupId>org.eclipse.tycho</groupId>
           <artifactId>tycho-maven-plugin</artifactId>
           <version>${tycho-version}</version>
diff --git a/releng/scripts/sign-jnilibs.sh b/releng/scripts/sign-jnilibs.sh
new file mode 100755
index 0000000..e779c2d
--- /dev/null
+++ b/releng/scripts/sign-jnilibs.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+###############################################################################
+# Copyright (c) 2021 Kichwa Coders Canada Inc.
+#
+# This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License 2.0
+# which accompanies this distribution, and is available at
+# https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+###############################################################################
+
+# To use this script, run it on a built jar to extract all .jnilib files, sign them
+# and repack the file. 
+#
+# To activate jnilib signing for an orbit bundle, create a file in the project
+# called eclipse-sign-jnilibs.properties to activate the eclipse-sign-jnilibs
+# profile defined in the parent pom.
+
+set -u # run with unset flag error so that missing parameters cause build failure
+set -e # error out on any failed commands
+set -x # echo all commands used for debugging purposes
+
+JAR=$1
+echo "Signing jnilibs in $JAR"
+mkdir -p sign-jnilibs
+cd sign-jnilibs
+jar --extract --file=$JAR
+for j in `find * -name \*\.jnilib`; do
+    mv $j $j-tosign
+    curl -o $j -F file=@$j-tosign https://cbi.eclipse.org/macos/codesign/sign
+    rm $j-tosign
+    jar --update --file=$JAR $j
+done