Apple Notarization

Zheka Kozlov orionllmain at
Tue Mar 5 11:19:11 UTC 2019

Hello Jessica. We also deliver our software with a bundled Java. In the
last couple of months, I was trying to overcome Apple notarization. I
finally managed to do it; however, after signing the Java executables and
dynamic libraries, it doesn't work anymore.

Here I'll describe the steps I did:

1. Downloaded JRE 10.0.2 for macOS from Oracle (I could use JDK 11 as well,

2. Ungzipped it with `tar -zxf`.

3. Signed all executables and dynamic libraries with `codesign --force
--verify --deep --verbose --sign <identity> --timestamp -o runtime
--entitlements test.entitlements`
`-o runtime` enabled hardened runtime (which is required for successful
test.entitlements is a file with entitlements. Its contents are:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

4. Zipped the JRE and submitted it for notarization: `xcrun altool
--notarize-app --primary-bundle-id "<id here>" --username <user name>
--file <jre zip file name>`

The archive successfully passed the notarization. However, the JRE is not
executable anymore. When I run `java -version`, it reports an error:
Error occurred during initialization of VM
Could not reserve enough space in CodeHeap 'non-nmethods' (2496K)

And I'm stuck here. I have no idea how to resolve this. I was trying to
read the JVM source code but with no luck (it requires deep knowledge of
the JVM internals).

Can anyone help with this? I would really appreciate it if someone helped me
understand this error message.


Wed, 19 Dec 2018 at 03:51, Jessica Leigh <jessica at>:

> I'm investigating the process of getting an application "notarized" for Mac
> OS. This is a process that Apple has introduced with Mac OS 10.14 Mojave,
> and they've indicated that it will be required for developer-signed
> applications in the near future. The process differs from code signing
> (applications are uploaded to Apple, where they're scanned and either
> notarized or rejected). More information is available from Apple:
> Our software is bundled with Java 11, and my attempts to find information
> on notarizing Java applications led me to some Stack Overflow questions
> that suggest there may be problems with JAR files, e.g.,
> , where dynamic libraries inside JARs aren't signed, which causes
> notarization to fail.
> Has any thought been put into preparing/signing Java for the purpose of
> notarization? It seems like Java might not be ready for this yet.
> *Dr. Jessica Leigh* Software Developer
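
Added example, not part of the original post or of the JDK: step 3 signs "all executables and dynamic libraries" but does not show how they were found. This sketch finds Mach-O files under an extracted JRE by magic number, telling universal binaries apart from Java `.class` files that share `0xCAFEBABE`, and prints one `codesign` command per file with the flags from the post instead of running it. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: list Mach-O files in an extracted JRE and print (not run)
# one codesign command per file, using the flags from step 3 of the post.

# magic8 FILE: first 8 bytes of FILE as lowercase hex digits.
magic8() {
    od -An -v -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n'
}

# is_macho FILE: succeed if FILE is a thin or universal (fat) Mach-O binary.
is_macho() {
    [ -f "$1" ] || return 1
    hex=$(magic8 "$1")
    case "$hex" in
        cffaedfe*|cefaedfe*|feedfacf*|feedface*) return 0 ;;  # thin Mach-O
        cafebabe000000??)
            # 0xCAFEBABE also opens every Java .class file. In a fat header
            # the next big-endian word is the architecture count (small); in
            # a class file it is minor/major version, and major is >= 45.
            n=$((0x${hex#cafebabe000000}))
            [ "$n" -ge 1 ] && [ "$n" -lt 45 ] ;;
        *) return 1 ;;
    esac
}

# list_macho DIR: print the path of every Mach-O file under DIR, sorted.
list_macho() {
    find "$1" -type f | sort | while IFS= read -r f; do
        if is_macho "$f"; then printf '%s\n' "$f"; fi
    done
}

# sign_plan DIR IDENTITY ENTITLEMENTS: print one codesign command per file.
# Dry run only: review the list before executing anything.
sign_plan() {
    list_macho "$1" | while IFS= read -r f; do
        printf 'codesign --force --verify --deep --verbose --sign "%s" --timestamp -o runtime --entitlements "%s" "%s"\n' "$2" "$3" "$f"
    done
}

# Usage: sh plan.sh <jre dir> <identity> <entitlements file>
if [ "$#" -eq 3 ]; then sign_plan "$@"; fi
```

Native libraries packed inside JAR files, the case raised in the quoted message, are not visible to a directory walk like this one and would have to be extracted first.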

More information about the jdk-dev mailing list