RFR: 8293462: [macos] app image signature invalid when creating DMG or PKG from post processed signed image

Michael Hall mik3hall at gmail.com
Tue Sep 27 02:24:05 UTC 2022



> On Sep 20, 2022, at 5:50 PM, Michael Hall <mik3hall at gmail.com> wrote:
> 
> Still you could use post-processing to add whatever java binary executable commands you wanted. This again would mean changes to the embedded jdk that might have signing side effects. I haven’t tested.  

Thinking about this I looked at my application that includes java commands and saw that currently I include all. And all appear to be of fixed size. So I assume some kind of launcher stub?

I then remembered 

[macos]: App bundle cannot upload to Mac App Store due to info.plist embedded in java exe
https://bugs.openjdk.org/browse/JDK-8286122 <https://bugs.openjdk.org/browse/JDK-8286122>

The bug being due…
> ITMS-90511: CFBundleIdentifier Collision - The Info.plist CFBundleIdentifier value 'net.java.openjdk.java' of 'java' is already in use by another application. 
This because the launcher stub includes it’s own Info.pliat’s always using the same CFBundleIdentifier

If I understand the resolution correctly…
https://github.com/openjdk/jdk17u-dev/commit/6a4b6220f8dc184f408f1295865ed0ad2e3710ca <https://github.com/openjdk/jdk17u-dev/commit/6a4b6220f8dc184f408f1295865ed0ad2e3710ca>

This effectively prohibits jpackage applications going to the App Store from using java native commands by disallowing the jlink option.
I realize this issue is closed and probably not yours to resolve.

But wouldn’t it be possible to simply make the CFBundleIdentifier unique?
Maybe a hash of command name and application name, something like…
Hash(“java”+”MyCommandUsingMacAppStoreApp”)

I don’t think the identifiers for the embedded commands need to be meaningful to the developer or anyone else. A good hash should pretty much eliminate collisions.

My apologies if I’m simply repeating something dismissed in prior discussion.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20220926/401611f4/attachment-0001.htm>


More information about the core-libs-dev mailing list