Hi, NetBeans uses NBPackage to build its PKG installer (not a DMG). This signs all natives, as well as deep signing and repackaging all macOS natives inside JAR files.
See eg. https://github.com/apache/netbeans-nbpackage/blob/master/src/main/java/org/apache/netbeans/nbpackage/macos/AppBundleTask.java#L305 NBPackage will do this for any NetBeans platform application too. Best wishes, Neil On Thu, 3 Oct 2024, 18:37 Thomas Wolf, <tjw...@gmail.com> wrote: > Uh, I actually "misspoke" when I said that JGit uses JNA. It seems that > it works just fine - at least for how my app uses it (clone and pull) - > without the JNA jar. So my app now passes the notarization process. But I > do still wonder what others are doing to insulate themselves from what > appears to be Apple's constant - and unannounced - changes to its > notarization process? > > Best, > Tom > > > > On Oct 3, 2024, at 1:13 PM, Thomas Wolf <tjw...@gmail.com> wrote: > > > > Hi, > > I'll be up-front: this isn't strictly a Netbeans question, but I do > wonder how NB developers handle this situation and, hopefully, get some > ideas about what I can do myself. > > > > Recently, I went through my usual notarization process with my > application (a DMG installer produced by jpackage) only to see the > submission fail. Looking at the log, Apple is now complaining about the > native macOS executables I'm bundling in my application's jar file as well > as the JNA jar that JGit's jar depends on. It seems Apple is getting ever > more watchful on what runs on their Macs. > > > > I was able to get around the notarization failure on my native > executables by simply encrypting them. I know, the 'right' thing to do > would be to actually do the three things Apple now asks for (signing each > executable, providing a secure time stamp, and having them run in a > hardened runtime environment), but I have neither the time nor Mac-specific > knowledge to go down that path. Encrypting those executables will prevent > future snooping by Apple as well. > > > > But what to do about the JGit JNA dependency? I read sometime back that > Netbeans also uses JGit - if that's true, how do the community members that > provide the DMG installer of NB handle this notarization requirement? Or > is there a version of JGit that's pure Java that I could use instead and > avoid the issue altogether? > > > > Thanks in advance, > > Tom > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org > For additional commands, e-mail: users-h...@netbeans.apache.org > > For further information about the NetBeans mailing lists, visit: > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > >
