[External] : Re: RFR: 8293462: [macos] app image signature invalid when creating DMG or PKG from post processed signed image

Tue Sep 27 19:48:48 UTC 2022

Hi Michael,

It is not possible to provide a unique or hashed CFBundleIdentifier. We already implemented to throw error if —strip-native-commands are not provided to jlink or if provided runtime contain bin directory.
Look at https://github.com/openjdk/jdk/pull/8666

Thanks,
Alexander

On Sep 27, 2022, at 4:44 AM, Michael Hall <mik3hall at gmail.com<mailto:mik3hall at gmail.com>> wrote:

On Sep 26, 2022, at 9:24 PM, Michael Hall <mik3hall at gmail.com<mailto:mik3hall at gmail.com>> wrote:

On Sep 20, 2022, at 5:50 PM, Michael Hall <mik3hall at gmail.com<mailto:mik3hall at gmail.com>> wrote:

Still you could use post-processing to add whatever java binary executable commands you wanted. This again would mean changes to the embedded jdk that might have signing side effects. I haven’t tested.

Thinking about this I looked at my application that includes java commands and saw that currently I include all. And all appear to be of fixed size. So I assume some kind of launcher stub?

I then remembered

[macos]: App bundle cannot upload to Mac App Store due to info.plist embedded in java exe
https://bugs.openjdk.org/browse/JDK-8286122

It might be an idea, if coming up with a unique or hashed CFBundleIdentifier in the Info.plist isn’t seen as a workable alternative, for jpackage to issue a warning anytime jlink parameters are passed without —strip-native-commands to issue a warning message that the application will not be eligible for the Mac App Store.
So developers don’t develop applications with a dependency on native commands intending them for the Mac App Store only to find out when they attempt a final MAS version that they are prohibited.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20220927/6d507543/attachment-0001.htm>