jpackage bugs

[Michael Hall]

> On Apr 17, 2021, at 9:14 AM, Michael Hall <mik3hall at gmail.com> wrote:
> 
>> only executables and libraries are signed - this tool running across the whole app will find unsigned files, that would be expected.
> 
> Hmm. ok. Is the jdk separately signed? Would something in copying it change a date or something that would cause the verify to fail on the jdk signature thinking something has changed rather than what you sign for the app?
> 
> ls -l HalfPipe.app/Contents/runtime/Contents
> total 8
> ...
> drwxr-xr-x  3 mjh  staff   96 Apr 16 19:29 _CodeSignature

OK I think this may be it. For my testing I sort of force the DMG build back to the —install-dir one.

open -Wg HalfPipe-1.0.dmg
cp -r /Volumes/HalfPipe/HalfPipe.app outputdir/HalfPipe.app
…
diskutil eject HalfPipe
open outputdir/HalfPipe.app

codesign -v outputdir/HalfPipe.app
outputdir/HalfPipe.app: a sealed resource is missing or invalid

If instead I do the proper drag and drop install to the Applications directory.
codesign -v /Applications/HalfPipe.app

No error. So apparently ‘cp’ is not a good idea on a signed application. At least not on a signed java one. 

This one can probably be closed permanently.