jpackage MacOS Notarization

Thu Jul 29 08:36:49 UTC 2021

Kevin, Andy,

Thanks for your quick response.

Full support for notarization in jpackage was added in JDK 17. Can you
> try an early access build of JDK 17 [1] and see if that works for you?
>

I did try JDK17-ea-32 also with the same result.

Since I do understand it is difficult reproduce the problem I put together
a *very* simple test application which you can find in the "non-modular"
branch here:
https://github.com/danielpeintner/Java11Test/tree/non-modular

It is a gradle project. It uses Java 11 to run but in build.gradle on
line#83 [1] one can set the jpackage location (JDK17-ea-32 in this case).

The process is as follows
* ./gradlew build
* ./gradlew jpackage    // creates the dmg/pkg in folder build/jpackage
* afterwards Apple notarization process can be started

Note: notarization of dmg or pkg lead to the same failure.
See [2] for the full log w.r.t. pkg.

I hope this helps you to be able to reproduce the issue.

Thanks for your investigations!

-- Daniel

[1]
https://github.com/danielpeintner/Java11Test/blob/6e5f34b1a0ba9c1e8ba1f6b15d6915237d8f5b7e/build.gradle#L83
[2]
https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma115/v4/90/4a/11/904a111c-01c7-ecc1-466c-40e7e8a09c56/developer_log.json?accessKey=1627741411_2564804966498057981_aHPs%2Fq9bzxGsY5Kd46U1QyWR8hmHJjLJLbUPpbvBqinIjiylTLsQy1APCJPkNN2w%2BZknT9OCl6zkzAyUm99EIBrm6tnOkZoWiwNG7TyukwCtAnIh%2FGpNAkLYfBpyDYjMaf7jQq8JekzxjYewhFuPDcJufWNrfuEX%2FN6zZoyz73I%3D

>
>
> -- Kevin
>
> [1] https://jdk.java.net/17
>
> On 7/28/2021 8:27 AM, Daniel Peintner wrote:
> > All,
> >
> > I am trying to notarize an app (built with jpackage) for MacOS.
> >
> > jpackage at first *seems* to properly sign all resources with the
> available
> > --mac-sign options et cetera.
> >
> > Having said that, there are still remaining issues
> > 1. The app cannot be properly installed
> >     (without hacks like xattr -d com.apple.quarantine
> /Applications/myAPP.app
> > ).
> > 2. I am also not able to properly notarize the app.
> >
> > According to online resources there seem to exist issues in *past* about
> > notarization but according to [1, 2] the issues are fixed.
> >
> > As mentioned, I still have issues :-(
> > Am I really the only one still having problems?
> >
> > Java Version: AdoptOpenJDK-16.0.1+9 (tried Oracle JDK also without
> success)
> >
> > The issue seems to boil down to 2 errors (attached the error log from
> Apple
> > notarization process).
> > * app Folder
> > * libjli.dylib
> >
> > I thought I better ask first on the mailing list before creating an
> actual
> > bug report.
> >
> > Note1: I used to use the *old* javapackager that worked with the same
> > signature/credentials.
> > Note2: running jpackage without --mac-sign options causes many more
> errors
> > in notarization (Hence, jpackage signs most resources but fails with
> some)
> >
> > Any help / hint appreciated.
> >
> > Thanks,
> >
> > -- Daniel
> >
> > [1] https://bugs.openjdk.java.net/browse/JDK-8257488
> > [2] https://bugs.openjdk.java.net/browse/JDK-8251892
> >
> >
> >
> > ## APPLE LOG ##
> >
> > {
> >    "logFormatVersion": 1,
> >    "jobId": "...",
> >    "status": "Invalid",
> >    "statusSummary": "Archive contains critical validation errors",
> >    "statusCode": 4000,
> >    "archiveFilename": "myAPP-21.07.28.dmg",
> >    "uploadDate": "2021-07-28T14:31:24Z",
> >    "sha256": "...",
> >    "ticketContents": null,
> >    "issues": [
> >      {
> >        "severity": "error",
> >        "code": null,
> >        "path": "myAPP-21.07.28.dmg/myAPP.app/Contents/MacOS/myAPP",
> >        "message": "The signature of the binary is invalid.",
> >        "docUrl": null,
> >        "architecture": "x86_64"
> >      },
> >      {
> >        "severity": "error",
> >        "code": null,
> >        "path":
> "myAPP-21.07.28.dmg/myAPP.app/Contents/runtime/Contents/MacOS/libjli.dylib",
> >        "message": "The signature of the binary is invalid.",
> >        "docUrl": null,
> >        "architecture": "x86_64"
> >      }
> >    ]
> > }
>
>