This issue is reproducible with and without `--mac-sign`. jpackage will 
"_ad-hoc_" sign the application bundle when `--mac-sign` is not specified by 
using the pseudo-identity "_-_". This is why jpackage tries to sign added 
files, and this is expected behavior for jpackage. "codesign" fails since the 
added content made the application bundle structure invalid. There is nothing 
we can do on the jpackage side to sign such invalid bundles. As a proposed 
solution, if "codesign" fails and `--app-content` was specified, we will output 
a possible reason for the failure and a possible solution. Proposed message: 
"One of the possible reason for "codesign" 
failure is additional content provided via "--app-content", which made 
application bundle structure invalid. Make sure to provide additional content 
in a way it will not break application bundle structure, otherwise add 
additional content as post-processing step."

Example:
Let's assume we have a "ReadMe" folder with a "ReadMe.txt" file in it.
1) jpackage --type app-image -n Test --app-content ReadMe/ReadMe.txt ...
"codesign" will fail with "In subcomponent: Test.app/Contents/ReadMe.txt". This 
is expected, and "ReadMe.txt" is placed in "Test.app/Contents", which is also 
expected.
2) jpackage --type app-image -n Test --app-content ReadMe ...
Works and "ReadMe.txt" will be placed under "Test.app/Contents/ReadMe".

Sample output before fix:

Error: "codesign" failed with following output:
Test.app: replacing existing signature
Test.app: code object is not signed at all
In subcomponent: Test.app/Contents/ReadMe.txt


Sample output after fix:

One of the possible reason for "codesign" failure is additional content 
provided via "--app-content", which made application bundle structure invalid. 
Make sure to provide additional content in a way it will not break application 
bundle structure, otherwise add additional content as post-processing step.
Error: "codesign" failed with following output:
Test.app: replacing existing signature
Test.app: code object is not signed at all
In subcomponent: Test.app/Contents/ReadMe.txt

-------------

Commit messages:
 - 8332110: jpackage tries to sign added files without the --mac-sign option

Changes: https://git.openjdk.org/jdk/pull/19377/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19377&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8332110
  Stats: 38 lines in 6 files changed: 24 ins; 0 del; 14 mod
  Patch: https://git.openjdk.org/jdk/pull/19377.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/19377/head:pull/19377

PR: https://git.openjdk.org/jdk/pull/19377
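
A preflight and post-build check for the two cases in the example above, added here as an illustration and not part of the PR or of jpackage. The function names and the allow-list of top-level files (`Info.plist`, `PkgInfo`) are assumptions; adjust the list if your bundles legitimately carry other files directly under `Contents`.

```shell
#!/bin/sh
# Added example (not jpackage code). Function names are hypothetical.

# preflight_app_content PATH...
# Flags every --app-content argument that is a regular file: per case 1 above,
# jpackage copies it directly into Contents/, where "codesign" rejects it.
# A directory argument (case 2) lands in its own subfolder and passes.
preflight_app_content() {
    rc=0
    for p in "$@"; do
        if [ -f "$p" ]; then
            echo "loose file, would land in Contents/: $p"
            rc=1
        elif [ ! -d "$p" ]; then
            echo "missing: $p"
            rc=1
        fi
    done
    return $rc
}

# audit_bundle APP
# Lists regular files sitting directly in APP/Contents other than the
# assumed allow-list (Info.plist, PkgInfo). Returns 1 if any are found,
# 2 if APP has no Contents directory.
audit_bundle() {
    contents="$1/Contents"
    [ -d "$contents" ] || { echo "not a bundle: $1"; return 2; }
    found=0
    for f in "$contents"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            Info.plist|PkgInfo) ;;
            *) echo "unexpected file: Contents/${f##*/}"; found=1 ;;
        esac
    done
    return $found
}

# Usage (paths are constructed samples):
#   preflight_app_content ReadMe/ReadMe.txt || echo "pass the folder instead"
#   audit_bundle Test.app
```

Run `preflight_app_content` on the values intended for `--app-content` before invoking jpackage, and `audit_bundle` on the resulting app image before any separate signing step.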
