I am glad to see that people are making progress on this front. Did you see the points I raised about the new arguments and inputs that need to be provided in order to build code-signed packages that can pass Appleās current notarization requirements in Catalina? I am currently successfully notarizing a Java disk image created by the early access version of jpackage, but I need to do the signing and notarizing myself because jpackage does not yet support specifying use of the hardened runtime, nor the necessary entitlements for the JVM to run properly in that hardened environment. I would be happy to share what I found works whenever that might be helpful.
Cheers, -James On 1/22/2020 11:37 PM, Alexander Matveev wrote: Please review the jpackage fix for bug [1] at [2]. - Fixed by forcing signing even if runtime already signed. - Original implementation was not taken in consideration that runtime can be signed (JDK itself is signed from which jpackage is used or runtime provided via --runtime-image). - Signature of binaries files in runtime will not be change, with this fix we will generate new _CodeSignature/CodeResources file which contains signatures of all files inside runtime folder signed with user provided certificate. [1] https://bugs.openjdk.java.net/browse/JDK-8237607 [2] http://cr.openjdk.java.net/~almatvee/8237607/webrev.00/ Thanks, Alexander