> This issue is reproducible with and without `--mac-sign`. jpackage will > "_ad-hoc_" sign application bundle when `--mac-sign` is not specified by > using pseudo-identity "_-_". This is why jpackage tries to sign added files > and this is expected behavior by jpackage. "codesign" fails since added > content made application bundle structure invalid. There is nothing we can do > on jpackage side to sign such invalid bundles. As proposed solution we will > output possible reason for "codesign" failure if it fails and `--app-content` > was specified and possible solution. Proposed message: "One of the possible > reason for "codesign" failure is additional content provided via > "--app-content", which made application bundle structure invalid. Make sure > to provide additional content in a way it will not break application bundle > structure, otherwise add additional content as post-processing step." > > Example: > Lets assume we have "ReadMe" folder with "ReadMe.txt" file in it. > 1) jpackage --type app-image -n Test --app-content ReadMe/ReadMe.txt ... > "codesign" will fail with "In subcomponent: Test.app/Contents/ReadMe.txt". > This is expected and "ReadMe.txt" placed in "Test.app/Contents" which is also > expected. > 2) jpackage --type app-image -n Test --app-content ReadMe ... > Works and "ReadMe.txt" will be placed under "Test.app/Contents/ReadMe". > > Sample output before fix: > > Error: "codesign" failed with following output: > Test.app: replacing existing signature > Test.app: code object is not signed at all > In subcomponent: Test.app/Contents/ReadMe.txt > > > Sample output after fix: > > "codesign" failed and additional application content was supplied via the > "--app-content" parameter. Probably the additional content broke the > integrity of the application bundle and caused the failure. Ensure content > supplied via the "--app-content" parameter does not break the integrity of > the application bundle, or add it in the post-processing step. > Error: "codesign" failed with following output: > Test.app: replacing existing signature > Test.app: code object is not signed at all > In subcomponent: Test.app/Contents/ReadMe.txt
Alexander Matveev has updated the pull request incrementally with one additional commit since the last revision: 8332110: jpackage tries to sign added files without the --mac-sign option [v2] ------------- Changes: - all: https://git.openjdk.org/jdk/pull/19377/files - new: https://git.openjdk.org/jdk/pull/19377/files/0ad02cbb..7c1973ad Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=19377&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=19377&range=00-01 Stats: 9 lines in 6 files changed: 1 ins; 0 del; 8 mod Patch: https://git.openjdk.org/jdk/pull/19377.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/19377/head:pull/19377 PR: https://git.openjdk.org/jdk/pull/19377
