On Thu, 30 May 2024 22:54:12 GMT, Alexander Matveev <almat...@openjdk.org> 
wrote:

>> This issue is reproducible with and without `--mac-sign`. jpackage will 
>> "_ad-hoc_" sign the application bundle when `--mac-sign` is not specified by 
>> using the pseudo-identity "_-_". This is why jpackage tries to sign added files 
>> and this is expected behavior by jpackage. "codesign" fails since the added 
>> content made the application bundle structure invalid. There is nothing we can 
>> do on the jpackage side to sign such invalid bundles. As a proposed solution we 
>> will output a possible reason for the "codesign" failure if it fails and 
>> `--app-content` was specified, and a possible solution. Proposed message: "One 
>> of the possible reason for "codesign" failure is additional content provided 
>> via "--app-content", which made application bundle structure invalid. Make 
>> sure to provide additional content in a way it will not break application 
>> bundle structure, otherwise add additional content as post-processing step."
>> 
>> Example:
>> Let's assume we have a "ReadMe" folder with a "ReadMe.txt" file in it.
>> 1) jpackage --type app-image -n Test --app-content ReadMe/ReadMe.txt ...
>> "codesign" will fail with "In subcomponent: Test.app/Contents/ReadMe.txt". 
>> This is expected and "ReadMe.txt" is placed in "Test.app/Contents" which is 
>> also expected.
>> 2) jpackage --type app-image -n Test --app-content ReadMe ...
>> Works and "ReadMe.txt" will be placed under "Test.app/Contents/ReadMe".
>> 
>> Sample output before fix:
>> 
>> Error: "codesign" failed with following output:
>> Test.app: replacing existing signature
>> Test.app: code object is not signed at all
>> In subcomponent: Test.app/Contents/ReadMe.txt
>> 
>> 
>> Sample output after fix:
>> 
>> "codesign" failed and additional application content was supplied via the 
>> "--app-content" parameter. Probably the additional content broke the 
>> integrity of the application bundle and caused the failure. Ensure content 
>> supplied via the "--app-content" parameter does not break the integrity of 
>> the application bundle, or add it in the post-processing step.
>> Error: "codesign" failed with following output:
>> Test.app: replacing existing signature
>> Test.app: code object is not signed at all
>> In subcomponent: Test.app/Contents/ReadMe.txt
>
> Alexander Matveev has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   8332110: jpackage tries to sign added files without the --mac-sign option 
> [v2]

8332110: jpackage tries to sign added files without the --mac-sign option [v2]
 - Updated error message as suggested.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/19377#issuecomment-2140973262
