[External] : Re: RFR: 8286850: [macos] Add support for signing user provided app image [v2]

Michael Hall mik3hall at gmail.com
Wed Jun 22 10:40:04 UTC 2022



> On Jun 8, 2022, at 1:47 AM, Michael Hall <mik3hall at gmail.com> wrote:
> 
> 
> 
>> On Jun 7, 2022, at 9:21 PM, Alexander Matveev <alexander.matveev at oracle.com> wrote:
>> 
>> Hi Michael,
>> 
>> Yes, this is correct. It is a three step process as you outlined it below.
>> 
> 
> Alexander,
> 
> Could you post an example of the three invocations, without needing to include any post-processing, to 1) create app-image 2) sign 3) add to DMG
> Or indicate any tests included, or that will be included, in the jdk source where something similar is done. 
> There are not yet that I know of any documentation pages for the command? 
> 
> Thanks,
> Mike
> 

Assuming the current JDK19 ea includes this change and dependencies. Possibly this is still incorrect.

Running this to create an unsigned app-image.

${PACKAGER} \
    --verbose \
    --add-modules java.desktop,java.prefs,java.se \
    --type app-image \
    --input ./input \
    --app-version 1.0 \
    --name BlackJack\ Blastoff_Unsigned \
    --main-jar bjb.jar \
    --main-class org.bjb.BlackJackApp \
    --java-options '-Xmx1024m -XX:+UseG1GC -XX:MaxGCPauseMillis=50  -Dapple.laf.useScreenMenuBar=true -Dcom.apple.mrj.application.apple.menu.about.name=BlackjackBlastoff -Dapple.awt.application.name=Blackjack\ Blastoff'
#    --mac-signing-key-user-name "Michael Hall" \
#    --mac-sign

Gets this for output…
[05:20:06.459] Creating app package: BlackJack Blastoff_Unsigned.app in /Users/mjh/Blackjack_Blastoff/bjb/bjb_jpkg
[05:20:10.033] Command [PID: -1]:
    jlink --output /Users/mjh/Blackjack_Blastoff/bjb/bjb_jpkg/BlackJack Blastoff_Unsigned.app/Contents/runtime/Contents/Home --module-path /Library/Java/JavaVirtualMachines/jdk-19.jdk/Contents/Home/jmods --add-modules java.desktop,java.prefs,java.se --strip-native-commands --strip-debug --no-man-pages --no-header-files
[05:20:10.034] Output:
    
[05:20:10.035] Returned: 0

[05:20:10.073] Using default package resource JavaApp.icns [icon] (add BlackJack Blastoff_Unsigned.icns to the resource-dir to customize).
[05:20:10.075] Preparing Info.plist: /Users/mjh/Blackjack_Blastoff/bjb/bjb_jpkg/BlackJack Blastoff_Unsigned.app/Contents/Info.plist.
[05:20:10.077] Using default package resource Info-lite.plist.template [Application Info.plist] (add Info.plist to the resource-dir to customize).
[05:20:10.080] Using default package resource Runtime-Info.plist.template [Java Runtime Info.plist] (add Runtime-Info.plist to the resource-dir to customize).
[05:20:10.085] Running /usr/bin/codesign
[05:20:10.122] Running /usr/bin/codesign
[05:20:10.144] Running /usr/bin/codesign
...
[05:20:10.785] Running /usr/bin/codesign
[05:20:10.807] Running /usr/bin/codesign
[05:20:10.839] Running /usr/bin/codesign
[05:20:10.862] Succeeded in building Mac Application Image package

Signing should have been turned off? Is codesign being used in error or does it still have to use that for some reason on the embedded jdk? What is it using for the signing cert?

codesign -v --verbose=4 BlackJack\ Blastoff_Unsigned.app 
BlackJack Blastoff_Unsigned.app: code has no resources but signature indicates they must be present 

I think I reported this before. The intention was to have jpackage create an unsigned app-image and sign after post-processing but it seems to think some incorrect signature is there immediately.
Was this not the intent of this change?
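
Added example, not part of the original message or of the JDK sources: a shell helper a build script could run between the app-image, signing and DMG steps to record what state the bundle's signature is in and who signed it. The function names are hypothetical, and the matched strings assume the output of the stock macOS /usr/bin/codesign, including the message quoted above.

```shell
#!/bin/sh
# Added example: triage the signing state of a macOS app image.
# Usage on macOS: triage_app "BlackJack Blastoff_Unsigned.app"

# classify_verify STATUS OUTPUT
# Map the exit status and text of `codesign --verify` to a short state name.
classify_verify() {
    status=$1
    out=$2
    if [ "$status" -eq 0 ]; then echo "valid"; return; fi
    case $out in
        *"code object is not signed at all"*)
            echo "unsigned" ;;
        *"code has no resources but signature indicates they must be present"*)
            echo "signed-without-resource-seal" ;;
        *)
            echo "invalid" ;;
    esac
}

# signer_of OUTPUT
# From `codesign --display --verbose=4` text, report "adhoc", the leaf
# certificate name (first Authority= line), or "unknown".
signer_of() {
    case $1 in
        *"Signature=adhoc"*) echo "adhoc"; return ;;
    esac
    auth=$(printf '%s\n' "$1" | sed -n 's/^Authority=//p' | head -n 1)
    echo "${auth:-unknown}"
}

# triage_app APP
# Print "<state> <signer>"; succeed only for a clean state (valid or unsigned).
triage_app() {
    app=$1
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found" >&2; return 2; }
    vout=$(codesign --verify --strict --verbose=4 "$app" 2>&1) && vstatus=0 || vstatus=$?
    state=$(classify_verify "$vstatus" "$vout")
    signer="none"
    if [ "$state" != "unsigned" ]; then
        signer=$(signer_of "$(codesign --display --verbose=4 "$app" 2>&1)")
    fi
    echo "$state $signer"
    [ "$state" = "valid" ] || [ "$state" = "unsigned" ]
}
```
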



