MAS codesign requirements break Java app signing
Danno Ferrin
danno.ferrin at oracle.com
Mon Nov 10 00:13:22 UTC 2014
What are your entitlements? For javapackager we sign only the master package with real user supplied entitlements, every other jar, dylib, and executable gets an entitlement with an entitlements that is just sandbox and inherit. We also don't put entitlements on the JRE package when it is signed under plugins.
On Nov 9, 2014, at 2:26 PM, Zach Oakes <zsoakes at gmail.com> wrote:
> It looks like Apple has changed its codesigning requirements for the Mac
> App Store. Thus far, I've been packaging my Java app using Oracle's
> appbundler tool and signing it with the following script:
>
> http://pastebin.com/BtLV9bur
>
> This worked fine even as recently as last month. This time, I get an email
> from them with the following:
>
> Invalid code signature - Signatures created with OS X version 10.8.5 or
> earlier [v1 signatures] are obsoleted and will no longer be recognized by
> Gatekeeper beginning with OS X version 10.9.5. To ensure your apps will run
> on updated versions of OS X they must be signed on OS X version 10.9 or
> later [v2 signatures]. For more information, see OS X Code Signing In Depth
>
> I think this error is incorrect, because I'm using 10.9.5 with the latest
> Xcode (6.1). I tried "codesign -dv MyApp.app" and it says "Sealed Resources
> version=2 rules=12 files=7", so I think I am using v2 signatures. My JDK
> version has not changed since last month (8u25), so I can rule that out.
>
> I would appreciate any help. Thank you.
>
> Zach
More information about the macosx-port-dev
mailing list