[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-core-libs-dev
Subject:    Re: jpackage MacOS Notarization
From:       Daniel Peintner <daniel.peintner () gmail ! com>
Date:       2021-07-29 8:36:49
Message-ID: CAAoP7T6x61mQsK+8NMn2APK7LtUHjnU0QLV3XpeZvgqNM-uM5w () mail ! gmail ! com
[Download RAW message or body]

Kevin, Andy,

Thanks for your quick response.

Full support for notarization in jpackage was added in JDK 17. Can you
> try an early access build of JDK 17 [1] and see if that works for you?
> 

I did try JDK17-ea-32 also with the same result.

Since I do understand it is difficult reproduce the problem I put together
a *very* simple test application which you can find in the "non-modular"
branch here:
https://github.com/danielpeintner/Java11Test/tree/non-modular

It is a gradle project. It uses Java 11 to run but in build.gradle on
line#83 [1] one can set the jpackage location (JDK17-ea-32 in this case).

The process is as follows
* ./gradlew build
* ./gradlew jpackage    // creates the dmg/pkg in folder build/jpackage
* afterwards Apple notarization process can be started

Note: notarization of dmg or pkg lead to the same failure.
See [2] for the full log w.r.t. pkg.

I hope this helps you to be able to reproduce the issue.

Thanks for your investigations!

-- Daniel

[1]
https://github.com/danielpeintner/Java11Test/blob/6e5f34b1a0ba9c1e8ba1f6b15d6915237d8f5b7e/build.gradle#L83
 [2]
https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma115/v4/90/4a/11/904a111c-01c7 \
-ecc1-466c-40e7e8a09c56/developer_log.json?accessKey=1627741411_2564804966498057981_aH \
Ps%2Fq9bzxGsY5Kd46U1QyWR8hmHJjLJLbUPpbvBqinIjiylTLsQy1APCJPkNN2w%2BZknT9OCl6zkzAyUm99E \
IBrm6tnOkZoWiwNG7TyukwCtAnIh%2FGpNAkLYfBpyDYjMaf7jQq8JekzxjYewhFuPDcJufWNrfuEX%2FN6zZoyz73I%3D



> 
> 
> -- Kevin
> 
> [1] https://jdk.java.net/17
> 
> On 7/28/2021 8:27 AM, Daniel Peintner wrote:
> > All,
> > 
> > I am trying to notarize an app (built with jpackage) for MacOS.
> > 
> > jpackage at first *seems* to properly sign all resources with the
> available
> > --mac-sign options et cetera.
> > 
> > Having said that, there are still remaining issues
> > 1. The app cannot be properly installed
> > (without hacks like xattr -d com.apple.quarantine
> /Applications/myAPP.app
> > ).
> > 2. I am also not able to properly notarize the app.
> > 
> > According to online resources there seem to exist issues in *past* about
> > notarization but according to [1, 2] the issues are fixed.
> > 
> > As mentioned, I still have issues :-(
> > Am I really the only one still having problems?
> > 
> > Java Version: AdoptOpenJDK-16.0.1+9 (tried Oracle JDK also without
> success)
> > 
> > The issue seems to boil down to 2 errors (attached the error log from
> Apple
> > notarization process).
> > * app Folder
> > * libjli.dylib
> > 
> > I thought I better ask first on the mailing list before creating an
> actual
> > bug report.
> > 
> > Note1: I used to use the *old* javapackager that worked with the same
> > signature/credentials.
> > Note2: running jpackage without --mac-sign options causes many more
> errors
> > in notarization (Hence, jpackage signs most resources but fails with
> some)
> > 
> > Any help / hint appreciated.
> > 
> > Thanks,
> > 
> > -- Daniel
> > 
> > [1] https://bugs.openjdk.java.net/browse/JDK-8257488
> > [2] https://bugs.openjdk.java.net/browse/JDK-8251892
> > 
> > 
> > 
> > ## APPLE LOG ##
> > 
> > {
> > "logFormatVersion": 1,
> > "jobId": "...",
> > "status": "Invalid",
> > "statusSummary": "Archive contains critical validation errors",
> > "statusCode": 4000,
> > "archiveFilename": "myAPP-21.07.28.dmg",
> > "uploadDate": "2021-07-28T14:31:24Z",
> > "sha256": "...",
> > "ticketContents": null,
> > "issues": [
> > {
> > "severity": "error",
> > "code": null,
> > "path": "myAPP-21.07.28.dmg/myAPP.app/Contents/MacOS/myAPP",
> > "message": "The signature of the binary is invalid.",
> > "docUrl": null,
> > "architecture": "x86_64"
> > },
> > {
> > "severity": "error",
> > "code": null,
> > "path":
> "myAPP-21.07.28.dmg/myAPP.app/Contents/runtime/Contents/MacOS/libjli.dylib",
> > "message": "The signature of the binary is invalid.",
> > "docUrl": null,
> > "architecture": "x86_64"
> > }
> > ]
> > }
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]