On Fri, 24 May 2024 01:08:03 GMT, Alexander Matveev <almat...@openjdk.org> 
wrote:

> This issue is reproducible with and without `--mac-sign`. jpackage will 
> "_ad-hoc_" sign the application bundle when `--mac-sign` is not specified by 
> using the pseudo-identity "_-_". This is why jpackage tries to sign added 
> files, and this is expected behavior by jpackage. "codesign" fails since the 
> added content made the application bundle structure invalid. There is nothing 
> we can do on the jpackage side to sign such invalid bundles. As a proposed 
> solution we will output a possible reason for the "codesign" failure if it 
> fails and `--app-content` was specified, and a possible solution. Proposed 
> message: "One of the possible reasons for "codesign" failure is additional 
> content provided via "--app-content", which made application bundle structure 
> invalid. Make sure to provide additional content in a way it will not break 
> application bundle structure, otherwise add additional content as 
> post-processing step."
> 
> Example:
> Let's assume we have a "ReadMe" folder with a "ReadMe.txt" file in it.
> 1) jpackage --type app-image -n Test --app-content ReadMe/ReadMe.txt ...
> "codesign" will fail with "In subcomponent: Test.app/Contents/ReadMe.txt". 
> This is expected, and "ReadMe.txt" is placed in "Test.app/Contents", which is 
> also expected.
> 2) jpackage --type app-image -n Test --app-content ReadMe ...
> Works and "ReadMe.txt" will be placed under "Test.app/Contents/ReadMe".
> 
> Sample output before fix:
> 
> Error: "codesign" failed with following output:
> Test.app: replacing existing signature
> Test.app: code object is not signed at all
> In subcomponent: Test.app/Contents/ReadMe.txt
> 
> 
> Sample output after fix:
> 
> "codesign" failed and additional application content was supplied via the 
> "--app-content" parameter. Probably the additional content broke the 
> integrity of the application bundle and caused the failure. Ensure content 
> supplied via the "--app-content" parameter does not break the integrity of 
> the application bundle, or add it in the post-processing step.
> Error: "codesign" failed with following output:
> Test.app: replacing existing signature
> Test.app: code object is not signed at all
> In subcomponent: Test.app/Contents/ReadMe.txt

This pull request has now been integrated.

Changeset: 9fd0e734
Author:    Alexander Matveev <almat...@openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/9fd0e7349ebf4a49b5c0c7a16c866b5b8e626b53
Stats:     39 lines in 6 files changed: 25 ins; 0 del; 14 mod

8332110: [macos] jpackage tries to sign added files without the --mac-sign option

Reviewed-by: asemenyuk

-------------

PR: https://git.openjdk.org/jdk/pull/19377
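
The two `--app-content` cases in the quoted description, turned into a pre-flight check that can run before jpackage; this is an added example, not code from the pull request or from jpackage. The function names and the placement rule (a file argument lands directly in `Contents`, a directory argument in `Contents/<dir>`) are assumptions drawn only from that example.

```sh
#!/bin/sh
# Added example: pre-flight check for jpackage --app-content arguments (macOS).
# Assumed rule, taken from the two cases in the message above:
#   file argument      -> <name>.app/Contents/<file>  ("codesign" fails)
#   directory argument -> <name>.app/Contents/<dir>/  ("codesign" succeeds)

# predict_destination APP_NAME PATH: print where PATH is expected to land.
predict_destination() {
    pd_src="${2%/}"                      # tolerate a trailing slash
    printf '%s.app/Contents/%s\n' "$1" "$(basename "$pd_src")"
}

# check_app_content APP_NAME PATH...
# Returns 0 when no argument is predicted to break signing,
# 1 when at least one loose file would land in Contents, 2 on a missing path.
check_app_content() {
    cac_app="$1"; cac_rc=0
    shift
    for cac_src in "$@"; do
        cac_dest="$(predict_destination "$cac_app" "$cac_src")"
        if [ -d "$cac_src" ]; then
            echo "ok:   $cac_src -> $cac_dest/"
        elif [ -f "$cac_src" ]; then
            echo "risk: $cac_src -> $cac_dest (loose file in Contents," \
                 "expect codesign 'In subcomponent' failure)" >&2
            cac_rc=1
        else
            echo "error: $cac_src does not exist" >&2
            return 2
        fi
    done
    return "$cac_rc"
}

# Constructed sample mirroring the ReadMe/ReadMe.txt example in the message.
demo() {
    demo_tmp="$(mktemp -d)"
    mkdir "$demo_tmp/ReadMe"
    echo "hello" > "$demo_tmp/ReadMe/ReadMe.txt"
    check_app_content Test "$demo_tmp/ReadMe/ReadMe.txt" || echo "case 1 flagged"
    check_app_content Test "$demo_tmp/ReadMe" && echo "case 2 passes"
    rm -rf "$demo_tmp"
}
demo
```

A non-zero return can gate a build script so the content is either wrapped in a directory or added in a post-processing step, as the new jpackage message recommends.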
