On Fri, 25 Oct 2024 01:49:01 GMT, Alexander Matveev <almat...@openjdk.org> wrote:
> - It is not clear on which macOS versions codesign fails if application > bundle contains additional content. > - As a result test was modified to generate only application image, since PKG > or DMG cannot be generated if signing fails. Exit code of jpackage is > ignored, but generated application image will be checked for additional > content. > - This change is for macOS only. > - Previous implementation of test (forcing expected exist code to 1) was not > doing anything useful, since we never checked if additional content was > copied or not. It might be possible that "codesign --display -vvvv" does not check signature well enough as notarization. If I am reading issue correctly signed app-image is being generated, then it will be post-process and then it is used to generate DMG. See https://github.com/JabRef/jabref/pull/13032. In this case we will package app-image as is since we will assume it is signed. See [JDK-8293462](https://bugs.openjdk.org/browse/JDK-8293462). My suggestion is to generate unsigned image if post-processing is required or sign application image separately after it was modified. See [JDK-8286850](https://bugs.openjdk.org/browse/JDK-8286850). ------------- PR Comment: https://git.openjdk.org/jdk/pull/21698#issuecomment-2848240659
