On Fri, 24 May 2024 01:08:03 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
> This issue is reproducible with and without `--mac-sign`. jpackage will > "_ad-hoc_" sign application bundle when `--mac-sign` is not specified by > using pseudo-identity "_-_". This is why jpackage tries to sign added files > and this is expected behavior by jpackage. "codesign" fails since added > content made application bundle structure invalid. There is nothing we can do > on jpackage side to sign such invalid bundles. As proposed solution we will > output possible reason for "codesign" failure if it fails and `--app-content` > was specified and possible solution. Proposed message: "One of the possible > reason for "codesign" failure is additional content provided via > "--app-content", which made application bundle structure invalid. Make sure > to provide additional content in a way it will not break application bundle > structure, otherwise add additional content as post-processing step." > > Example: > Lets assume we have "ReadMe" folder with "ReadMe.txt" file in it. > 1) jpackage --type app-image -n Test --app-content ReadMe/ReadMe.txt ... > "codesign" will fail with "In subcomponent: Test.app/Contents/ReadMe.txt". > This is expected and "ReadMe.txt" placed in "Test.app/Contents" which is also > expected. > 2) jpackage --type app-image -n Test --app-content ReadMe ... > Works and "ReadMe.txt" will be placed under "Test.app/Contents/ReadMe". > > Sample output before fix: > > Error: "codesign" failed with following output: > Test.app: replacing existing signature > Test.app: code object is not signed at all > In subcomponent: Test.app/Contents/ReadMe.txt > > > Sample output after fix: > > One of the possible reason for "codesign" failure is additional content > provided via "--app-content", which made application bundle structure > invalid. Make sure to provide additional content in a way it will not break > application bundle structure, otherwise add additional content as > post-processing step. > Error: "codesign" failed with following output: > Test.app: replacing existing signature > Test.app: code object is not signed at all > In subcomponent: Test.app/Contents/ReadMe.txt @alexeysemenyukoracle please review ------------- PR Comment: https://git.openjdk.org/jdk/pull/19377#issuecomment-2136148629
