RFR: 8332110: [macos] jpackage tries to sign added files without the --mac-sign option

Michael Hall mik3hall at gmail.com
Fri May 24 08:47:10 UTC 2024



> On May 24, 2024, at 3:08 AM, Michael Hall <mik3hall at gmail.com> wrote:
> 
>> On May 23, 2024, at 8:13 PM, Alexander Matveev <almatvee at openjdk.org> wrote:
>> 
>> otherwise add additional content as post-processing step.
> 
> Doesn’t this still leave you with an application that isn’t validly signed? And probably won’t run because of that.
> 
>> 2) jpackage --type app-image -n Test --app-content ReadMe ...
> 
> For your example. This almost seems like an Apple bug if you can add a directory to the Contents directory but not a file? 

Sorry I made my prior off-list.

Would it also generally be a good idea to include a final codesign verify to fail the build if something is wrong with the signature?

Something like…

echo '*******************'
echo 'verifying signature'
echo '*******************'
codesign -v --verbose=4 outputdir/HalfPipe.app

Expected output…

*******************
verifying signature
*******************
outputdir/HalfPipe.app: valid on disk
outputdir/HalfPipe.app: satisfies its Designated Requirement

I think I have suggested this before but don’t remember if I did an enhancement request. Maybe you do that and I’m just not aware of it if it doesn’t appear in the jpackage output.
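
A build-gate form of the verification step suggested in the message above, as an added example that is not part of the original post or of jpackage: it runs the same `codesign -v --verbose=4` call and turns its exit status into a build failure. The function name `verify_app_signature` and the `CODESIGN` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: final packaging step that fails the build when the
# bundle's signature does not verify.
# CODESIGN can be overridden (assumption of this example) so the gate can be
# exercised on a machine that lacks the macOS tool.
CODESIGN="${CODESIGN:-codesign}"

# verify_app_signature <path-to-.app>
# Returns 0 if codesign accepts the bundle,
#         1 if codesign rejects it,
#         2 if the bundle is missing or the tool cannot be found.
verify_app_signature() {
    app="$1"
    if [ ! -d "$app" ]; then
        echo "verify: bundle not found: $app" >&2
        return 2
    fi
    if ! command -v "$CODESIGN" >/dev/null 2>&1; then
        echo "verify: $CODESIGN not available" >&2
        return 2
    fi
    # codesign reports its verdict on stderr and exits non-zero on failure,
    # so capture both streams and branch on the exit status.
    if out=$("$CODESIGN" -v --verbose=4 "$app" 2>&1); then
        echo "$out"
        return 0
    fi
    echo "verify: signature check FAILED for $app" >&2
    echo "$out" >&2
    return 1
}

# When invoked with a bundle path, act as the last step of the build,
# e.g.  sh verify.sh outputdir/HalfPipe.app
if [ "$#" -ge 1 ]; then
    verify_app_signature "$1" || exit $?
fi
```
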
