> On Apr 22, 2021, at 7:41 AM, Andy Herrick <andy.herr...@oracle.com> wrote:
>
>
> On 4/21/2021 6:15 PM, Michael Hall wrote:
>> Reverted to Jdk 16 and temporarily couldn’t figure out why AppleScript
>> wasn’t working again.
>>
>> I needed to provide an entitlement. At jpackage 16 I found I needed to do
>> this differently with a <app.name>.entitlements file in the resources
>> directory, as I noticed in the verbose command output.
>>
>> I had previously noticed that jpackage 17 now includes a parameter to
>> provide this.
>>
>> Will both options continue to be supported, resource dir and parm, or will
>> parm become the only supported way at or after 17?
>
> Yes, if --mac-entitlement options exists, it will use it, otherwise , the
> previous behavior is maintained, the default resource entitlements.plist in
> the source code will be used unless overridden by <app name>.entitlements in
> the resource directory.
>
> /Andy
>
Ok so in order…
—mac-entitlement
<app name>.entitlements
jpackage provided default
If at some point after the —mac-entitlement parameter has been in place for a
while and it is decided to eliminate the resource dir option a warning message
might be an idea.
I still think possibly including a verify error exception or warning might also
be helpful if that has issues
I figured out that when I was trying different things with signing I must of
deleted my Developer ID Application: certificate from keychain. Which is what
must of been being found by the jpackage /usr/bin/security find-certificate.
Hard coding my fully qualified “3rd Party” cert was working fine.
After putting my Developer ID Application cert back in the keychain signing
again worked by just using my name - but once more the app doesn’t verify.
This time if I codesign -v it seems ok. But for some reason the Taccy
application shows…
App signature check:
⛔️ spctl error 3
/Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: <me>
For what I am doing this is not a problem but could be a concern for someone
trying to get an application into the App Store.
So, if you do not currently have plans to do something or there is already a
RFE in place that you know of. I will submit one to include a verify on signed
applications.