<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:334845626;
mso-list-template-ids:-981828272;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1754400362;
mso-list-template-ids:-1527468994;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1865629919;
mso-list-template-ids:-1041880274;}
@list l2:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3
{mso-list-id:2038843755;
mso-list-template-ids:-1552363372;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style>
</head>
<body lang="FR" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For an application, I need to create a pkg for macOS of a Java application, but jpackage does not provide support for all the steps required. As a reminder, here is the full workflow needed to create a valid pkg that passes Gatekeeper on
macOS, which requires three different certificates:<o:p></o:p></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo3">A standard signing certificate<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo3">An Apple Developer ID Application certificate<o:p></o:p></li><li class="MsoNormal" style="mso-list:l0 level1 lfo3">An Apple Developer ID Installer certificate<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The full workflow is:<o:p></o:p></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoNormal" style="mso-list:l2 level1 lfo6">Signing the native libraries inside the JAR (requires a Developer ID Application certificate)<o:p></o:p></li><ul style="margin-top:0cm" type="circle">
<li class="MsoNormal" style="mso-list:l2 level2 lfo6">Basically, this involves extracting the JAR, signing all .jnilib and .dylib files, and rebuilding the JAR.<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l2 level1 lfo6">Signing the JAR itself (requires a standard certificate)<o:p></o:p></li><ul style="margin-top:0cm" type="circle">
<li class="MsoNormal" style="mso-list:l2 level2 lfo6">Using jarsigner to pass the JVM security check.<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l2 level1 lfo6">Generating an application image (.app)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">Signing the native libraries included in the image (requires a Developer ID Application certificate)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">Signing the main executable of the image (requires a Developer ID Application certificate)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">Signing the main bundle of the image (requires a Developer ID Application certificate)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">(Optional) Adding an entitlements.plist file to allow JNI usage<o:p></o:p></li><ul style="margin-top:0cm" type="circle">
<li class="MsoNormal" style="mso-list:l2 level2 lfo6">Needed if using restricted features such as JNI.<o:p></o:p></li></ul>
<li class="MsoNormal" style="mso-list:l2 level1 lfo6">Creating the installer package (.pkg)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">Signing the installer package (requires a Developer ID Installer certificate)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">Notarizing the package (submission to Apple for verification)<o:p></o:p></li><li class="MsoNormal" style="mso-list:l2 level1 lfo6">Stapling the package (embedding the notarization directly into the package)<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If we skip steps 1 and 2 for preparing the JAR (it would be better if jpackage could handle this automatically), as well as steps 10 and 11, then for steps 3 to 9 we need to use two different certificates, but jpackage provides only a single
`--mac-sign` parameter, which does not support multiple certificates and would ideally be split into separate parameters for the application certificate and the installer certificate; as a result, when creating a pkg with jpackage, the App Image inside remains
unsigned, which causes Gatekeeper to block the application.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Best regards,<o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="94%" style="width:94.44%">
<tbody>
<tr>
<td width="100%" style="width:100.0%;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR">Florent MARTIN<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR">Développeur<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR">Cegid Relations Bancaires
<o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#002C52;mso-fareast-language:FR"><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="25%" style="width:25.92%">
<tbody>
<tr style="height:33.2pt">
<td width="113" style="width:85.1pt;padding:0cm 0cm 0cm 0cm;height:33.2pt">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR">+33 (0)2 99 55 33 22<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#002C52;mso-fareast-language:FR"><a href="mailto:flmartin@cegid.com"><span style="color:#0563C1">flmartin@cegid.com</span></a></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR"><o:p></o:p></span></p>
</td>
<td width="35" style="width:25.9pt;padding:0cm 0cm 0cm 0cm;height:33.2pt">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR"><o:p> </o:p></span></p>
</td>
<td width="90" style="width:67.8pt;padding:0cm 0cm 0cm 0cm;height:33.2pt">
<p class="MsoNormal"><a href="https://www.facebook.com/CegidGroup/" title=""Suivre sur Facebook" t "><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:blue;mso-ligatures:none;mso-fareast-language:FR;text-decoration:none"><img border="0" width="15" height="15" style="width:.1562in;height:.1562in" id="Picture_x0020_6" src="cid:image001.png@01DCA4BB.0FFB4F80" alt="Facebook"></span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR"> </span><a href="https://twitter.com/CegidGroup" title=""Suivre sur Twitter" t "><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:blue;mso-ligatures:none;mso-fareast-language:FR;text-decoration:none"><img border="0" width="15" height="15" style="width:.1562in;height:.1562in" id="Picture_x0020_7" src="cid:image002.png@01DCA4BB.0FFB4F80" alt="Twitter"></span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR"> </span><a href="https://fr.linkedin.com/company/cegid" title=""Suivre sur LinkedIn" t "><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:blue;mso-ligatures:none;mso-fareast-language:FR;text-decoration:none"><img border="0" width="15" height="15" style="width:.1562in;height:.1562in" id="Picture_x0020_8" src="cid:image003.png@01DCA4BB.0FFB4F80" alt="LinkedIn"></span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#002A50;mso-fareast-language:FR">
<br>
<a href="https://www.cegid.com/" target="_blank"><b><span style="color:#002A50">cegid.com</span></b></a><b>
</b><o:p></o:p></span></p>
</td>
<td width="250" style="width:187.25pt;padding:0cm 0cm 0cm 0cm;height:33.2pt"></td>
</tr>
<tr style="height:76.1pt">
<td width="488" colspan="4" style="width:366.15pt;padding:0cm 0cm 0cm 0cm;height:76.1pt">
<p class="MsoNormal"><a href="http://www.cegid.com/" target="_blank"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:blue;mso-ligatures:none;mso-fareast-language:FR;text-decoration:none"><img border="0" width="100" height="87" style="width:1.0416in;height:.9062in" id="Picture_x0020_9" src="cid:image004.png@01DCA4BB.0FFB4F80" alt="Cegid"></span></a><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#0046FE;mso-fareast-language:FR"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:12.0pt;mso-fareast-language:FR"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><br>
<br>
Cegid est susceptible d’effectuer un traitement sur vos données personnelles à des fins de gestion de notre relation commerciale. Pour plus d’information, consultez https://www.cegid.com/fr/privacy-policy<br>
Ce message et les pièces jointes sont confidentiels et établis à l'attention exclusive de ses destinataires. Toute utilisation ou diffusion, même partielle, non autorisée est interdite. Tout message électronique est susceptible d'altération; Cegid décline donc
toute responsabilité au titre de ce message. Si vous n'êtes pas le destinataire de ce message, merci de le détruire et d'avertir l'expéditeur.
<br>
<br>
Cegid may process your personal data for the purpose of our business relationship management. For more information, please visit our website https://www.cegid.com/en/privacy-policy<br>
This message and any attachments are confidential and intended solely for the addressees. Any unauthorized use or disclosure, either whole or partial is prohibited. E-mails are susceptible to alteration; Cegid shall therefore not be liable for the content of
this message. If you are not the intended recipient of this message, please delete it and notify the sender.
</body>
</html>