Properly code-signing an app with bundled JRE
Hendrik Schreiber
hs at tagtraum.com
Tue Jan 28 14:52:55 PST 2014
On Jan 28, 2014, at 21:36, Paul Taylor <paul_t100 at fastmail.fm> wrote:
> Ah right, I package my application up using the BitBucket branch AppBundler https://bitbucket.org/infinitekind/appbundler whihc just relelized all puts the jre in the plugin folder
>
> but I only have to do this
>
> /usr/bin/codesign --sign "Developer ID Application: P Taylor" --force --deep --verbose /Applications/SongKong.app
> /usr/bin/codesign --verify --deep --verbose /Applications/SongKong.app
Thanks, Paul.
I revisited my code an realized that I had followed the advice given by http://www.red-sweater.com/blog/2390/developer-id-gotcha , i.e. I did something like:
codesign -f --sign "Developer ID" \\
-r='designated => certificate leaf H"xxx" and \\
identifier "com.red-sweater.marsedit"' MarsEdit.app \\
Naturally, with a plugin that has a different bundle id, this approach does not work.
I tried your approach, which seems to be the standard approach, and got the impression it works.
This means the Oracle instructions on http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/packagingAppsForMac.html should be changed to include the --deep flag. Perhaps someone with Oracle-connections could instigate this change to happen.
Thanks again, Paul, for sharing.
-hendrik
More information about the macosx-port-dev
mailing list