Hi Michael, > Doesn’t this still leave you with an application that isn’t validly signed? > And probably won’t run because of that. Yes, it will leave you with an application that isn’t signed. I was able to run such application on same machine as it was generated by jpackage.
> For your example. This almost seems like an Apple bug if you can add a > directory to the Contents directory but not a file? Not sure if it is an Apple bug. > Would it also generally be a good idea to include a final codesign verify to > fail the build if something is wrong with the signature? Yes, you already suggested it. See https://bugs.openjdk.org/browse/JDK-8318063 and it was closed as won’t fix because such verification is redundant. Thanks, Alexander From: Michael Hall <mik3h...@gmail.com> Date: Friday, May 24, 2024 at 1:47 AM To: Alexander Matveev <almat...@openjdk.org> Cc: core-libs-dev <core-libs-dev@openjdk.org> Subject: Re: RFR: 8332110: [macos] jpackage tries to sign added files without the --mac-sign option On May 24, 2024, at 3:08 AM, Michael Hall <mik3h...@gmail.com> wrote: On May 23, 2024, at 8:13 PM, Alexander Matveev <almat...@openjdk.org<mailto:almat...@openjdk.org>> wrote: otherwise add additional content as post-processing step. Doesn’t this still leave you with an application that isn’t validly signed? And probably won’t run because of that. 2) jpackage --type app-image -n Test --app-content ReadMe ... For your example. This almost seems like an Apple bug if you can add a directory to the Contents directory but not a file? Sorry I made my prior off-list. Would it also generally be a good idea to include a final codesign verify to fail the build if something is wrong with the signature? Something like… echo '*******************' echo 'verifying signature' echo '*******************' codesign -v --verbose=4 outputdir/HalfPipe.app Expected output… ******************* verifying signature ******************* outputdir/HalfPipe.app: valid on disk outputdir/HalfPipe.app: satisfies its Designated Requirement I think I have suggested this before but don’t remember if I did an enhancement request. Maybe you do that and I’m just not aware of it if it doesn’t appear in the jpackage output.
