orionllmain at gmail.com
Tue Mar 5 11:19:11 UTC 2019
Hello Jessica. We also deliver our software with a bundled Java. In the
last couple of months, I was trying to overcome Apple notarization. I
finally managed to do it, however, after signing of Java executables and
dynamic libraries it doesn't work anymore.
Here I'll describe the steps I did:
1. Downloaded JRE 10.0.2 for macOS from Oracle (I could use JDK 11 as well,
2. Ungzipped it with `tar -zxf`.
3. Signed all executables and dynamic libraries with `codesign --force
--verify --deep --verbose --sign <identity> --timestamp -o runtime
`-o runtime` enabled hardened runtime (which is required for successful
test.entitlements is a file with entitlements. Its contents are:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "
4. Zipped the JRE and submitted it for notarization: `xcrun altool
--notarize-app --primary-bundle-id "<id here>" --username <user name>
--file <jre zip file name>
The archive successfully passed the notarization. However, JRE is not
executable anymore. When I run `java -version`, it reports an error:
Error occurred during initialization of VM
Could not reserve enough space in CodeHeap 'non-nmethods' (2496K)
And I'm stuck here. I have no ideas on how to resolve this. I was trying to
read the JVM source code but with no luck (it requires deep knowledge of
the JVM internals).
Can anyone help with this? I would really appreciate if someone helped me
to understand this error message.
ср, 19 дек. 2018 г. в 03:51, Jessica Leigh <jessica at geneious.com>:
> I'm investigating the process of getting an application "notarized" for Mac
> OS. This is a process that Apple has introduced with Mac OS 10.14 Mojave,
> and they've indicated that it will be required for developer-signed
> applications in the near future. The process differs from code signing
> (applications are uploaded to Apple, where they're scanned and either
> notarized or rejected). More information is available from Apple:
> Our software is bundled with Java 11, and my attempts to find information
> on notarizing Java applications led me to some Stack Overflow questions
> that suggest there may be problems with JAR files, e.g.,
> , where dynamic libraries inside JARs aren't signed, which causes
> notarization to fail.
> Has any thought been put into preparing/signing Java for the purpose of
> notarization? It seems like Java might not be ready for this yet.
> *Dr. Jessica Leigh*Software Developer
More information about the jdk-dev