> 3. re-sign the content manually with > > # Sign the final artifact > codesign --force --deep --sign "Developer ID Application: JabRef > e.V. (6792V39SK3)" \ > --entitlements buildres/mac/jabref.entitlements \ > --options runtime --timestamp build/distribution/JabRef.app >
Possibly I missed something if this was the fix. I don’t remember any issues with the existing signing when I tried notarization. I do see… --deep (DEPRECATED for signing as of macOS 13.0) When I man codesign. I’m also a little curious how you came up with the —options runtime. I’m not familiar and even after looking at the man I’m not quite sure what it's purpose is. Make the requirements extra strict exempted by entitlements maybe? Also why you decided to use —timestamp? I looked to see if jpackage uses any options like this but verbose output only shows codesign being invoked, many times, and not with what parameters. If this is sufficient, or required, for a valid, notarizable application, maybe jpackage could be simplified to just do an invocation like yours at the end rather than the numerous invocations it appears to do.
