[External] : Re: RFR: 8286122: [macos]: App bundle cannot upload to Mac App Store due to info.plist embedded in java exe

Alexander Matveev alexander.matveev at oracle.com
Tue May 17 00:09:59 UTC 2022 

Hi Michael,

> 
>>> 
>>> I’m not real familiar with the build process. But would it be possible for the user to build their own jdk that substitutes something else for the colliding identifier that gets embedded?
>> Yes, it should be possible and in theory such JDK with native commands can be used. However, current fix will not allow such JDK build, since we checking for presence of “bin” folder and not if ID is actually unique. To work around this limitation user can package without native commands first, then add native commands and re-sign application.
> 
> Signing is currently an integrated part of the process. I thought about making an enhancement request to have it possible to do it stepped. First build the application, then allow the user to post-process that. Maybe run a tool/script to modify the application level Info.plist file. Then allow a second final step that does the signing. I don’t remember if I actually made that enhancement request. But currently there is no way with jpackage to standalone sign the application is there? I think this is somewhat involved with the application bundle being iterated and for one thing each jar being separately code signed? I think it took a release or two of the command to get this correct. So I doubt Xcode could manage it. Is there a way to do the signing standalone with jpackage that I am not aware of?
> 
> If I didn’t do an enhancement request on this I could, if you think jpackage could manage it?
> 

There is no a way to do the signing of standalone app image and app image will not get signed if you generating DMG or PKG by providing app image via —app-image and specifing signing. Only PKG will get signed if signing is specified with —app-image.

Currently jpackage will block following command:
jpackage --type app-image --app-image Test.app --mac-sign ...
Error: Option [--app-image] is not valid with type [app-image]

I think we can allow app-image type with app image input if signing is requested and command from above will just sign app image in place.

Generating DMG or PKG from —app-image and with signing enabled will not sign app image as it currently do.

If no objections for proposed enhancement I will go ahead and file one.

Thanks,
Alexander

More information about the core-libs-dev mailing list