jpackage ea-17 --mac-entitlements

Michael Hall mik3hall at gmail.com
Sat Apr 10 02:27:36 UTC 2021 

> 
> OK, probable user error. I eliminated my entitlement changes and it worked.
> 
Related to the same functionality that I am trying to add, I should, or have to, make changes to my Info.plist
This being the addition of NSAppleEventsUsageDescription. 
If I remember correctly in prior discussion concerning application specific environment variables provision was made for the user to include their own custom Info.plist in the Resources directory? Is that correct? Does the file name stay the same?
 
If of interest what I am trying to do is pretty much as described here…
Authorization by AEDeterminePermissionToAutomateTarget waits infinit time
https://developer.apple.com/forums/thread/666528 <https://developer.apple.com/forums/thread/666528>
Except that hangs intermittently and rarely while mine always hangs.

I want to authorize automation AppleEvents for my own application. This consistently hangs on the above call (AEDeterminePermissionToAutomateTarget) done in JNI.

2442 AEDeterminePermissionToAutomateTarget  (in AE) + 1313  [0x7fff3a2d8f2c]
    +                                                               2442 _dispatch_semaphore_wait_slow  (in libdispatch.dylib) + 98  [0x7fff72fb4fbf]
    +                                                                 2442 _dispatch_sema4_wait  (in libdispatch.dylib) + 16  [0x7fff72fb4aed]
    +                                                                   2442 semaphore_wait_trap  (in libsystem_kernel.dylib) + 10  [0x7fff7314ee36]

I have succeeded in getting the same native code to run command line from Terminal. I got it to run once from my application when the application was launched command line, it showed a dialog, and granted permission. However, the dialog application showed as Terminal and not mine.. So now the functionality actually works if command line launched but doesn’t if double click launched. With the problem that it hangs if I try the permit double click launched.

So it seems Terminal must be doing something different or have different authorization than I do. One difference was the entitlement that I originally was crashing with on this list thread.

Also if of interest I determined that difference by using the Taccy application. 
https://eclecticlight.co/tag/taccy/ <https://eclecticlight.co/tag/taccy/>
For Terminal this shows 

App signature check:
/System/Applications/Utilities/Terminal.app: accepted
source=Apple System
origin=Software Signing

For my application…

App signature check:
⛔️ spctl error 1
/Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app: a sealed resource is missing or invalid

I believe this relates to…
JDK-8263156 : [macos]: OS X application signing concerns - a sealed resource is missing or invalid
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8263156 <https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8263156>

Although I believe 
codesign -v --verbose=4 outputdir/HalfPipe.app 
This verify would be sufficient to reproduce that error for any(?) jpackage Developer signed application.

I’m not sure what your policies are for using 3rd party tools but Taccy seems to give you a nice graphical view of application signing/entitlement related.

Sorry for the length,
Thanks

More information about the core-libs-dev mailing list