[jira] [Commented] (MNG-7172) Warning about signing of libjansi on macOS

[Michael Osipov (Jira)]

    [ 
https://issues.apache.org/jira/browse/MNG-7172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17367562#comment-17367562
 ] 

Michael Osipov commented on MNG-7172:
-------------------------------------

[~rfscholte], do you want to conclude this topic? I would recommend creating a 
new task "Remove expansion of Jansi native libraries" because if you close this 
one out it would seem like with have chosen to sign libraries which we likely 
not going to do.

> Warning about signing of libjansi on macOS
> ------------------------------------------
>
>                 Key: MNG-7172
>                 URL: https://issues.apache.org/jira/browse/MNG-7172
>             Project: Maven
>          Issue Type: Bug
>            Reporter: Konrad Windszus
>            Priority: Blocker
>         Attachments: mng-7172-1.jpg, mng-7172-2.jpg
>
>
> _(Copying from MNG-7165)_
>  
> With the latest SNAPSHOT (downloaded from 
> [https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/master/169/artifact/org/apache/maven/apache-maven/4.0.0-alpha-1-SNAPSHOT/apache-maven-4.0.0-alpha-1-SNAPSHOT-bin.tar.gz])
>  I get
> {code:java}
> ./mvn --version
> Failed to load native library:libjansi.jnilib. osinfo: Mac/x86_64
> java.lang.UnsatisfiedLinkError: 
> /Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib:
>  
> dlopen(/Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib,
>  1): no suitable image found.  Did find:
>       
> /Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib:
>  code signature in 
> (/Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib)
>  not valid for use in process using Library Validation: library load 
> disallowed by system policy
> Apache Maven 4.0.0-alpha-1-SNAPSHOT (371faf7a49298bd1752632c2675aa499fee64667)
> Maven home: /Users/konradwindszus/Downloads/apache-maven
> Java version: 11.0.11, vendor: AdoptOpenJDK, runtime: 
> /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home
> Default locale: en_DE, platform encoding: UTF-8
> OS name: "mac os x", version: "11.4", arch: "x86_64", family: "mac"
> {code}
> And Mac OS shows a warning {{“libjansi.jnilib” cannot be opened because the 
> developer cannot be verified.}}.
>  Is the last version of JAnsi included in Maven properly signed?
> ----
> Options we have:
> Do nothing
> (+) consistent use of JAnsi for all OSes
> (-) no additional extraction of native libraries
> (-)  Annoying popup + warning for MacOS users (although as intended due to 
> its security policy)
> Exclude lib/jansi-native/osx
> (+) Maven runs without popup/warning 
> (?) no additional extraction of native libraries
> (-) inconsistent use of JAnsi for OSes
> Don't unpack to lib/jansi-native
> (+) consistent use of JAnsi for all OSes
> (-) Maven will have extra overhead for every run due to extracting 
> jansi-native
> Unpack lib/jansi-native on first use
> (+) consistent use of JAnsi for all OSes
> (-) In general we consider conf/ as the only directory that can be changed 
> after installing. Now lib/jansi-native would become a "dynamic" directory.
> Get a signed native library for MacOS
> (+) consistent use of JAnsi for all OSes
> (-) somebody needs to build & sign the JAnsi native lib (requires a Mac and 
> an Apple Developer ID)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)