Home > Blockchain >  Apple MacOS app notarisation fails due to libjli.dylib in temurin jdk
Apple MacOS app notarisation fails due to libjli.dylib in temurin jdk

Time:01-25

Upgraded jdk from 13 to temurin-17, builds no longer successfully notarize with Apple.

The libjli seems to be known to be problematical and much reading seems to refer always to remove all extended attributes before signing (xattr -cr) however this doesn't change the outcome, Apple still complain as follows:

      "path": "DrumScoreEditor-2.92.dmg/DrumScoreEditor.app/Contents/runtime/Contents/MacOS/libjli.dylib",
      "message": "The signature of the binary is invalid.",
      "docUrl": null,
      "architecture": "x86_64"

Build process hasn't changed (other than to add in the xattr) remains as:

$JAVA_HOME/bin/jlink --output runtime --add-modules java.base,java.desktop,java.datatransfer,java.prefs,java.xml,jdk.xml.dom --strip-native-commands

$JAVA_HOME/bin/jpackage \
  --type app-image \
  --dest bundles \
  -i build \
  -n DrumScoreEditor \
  --main-class org.whiteware.DrumScoreEditor \
  --main-jar DrumScoreEditor-$VERSION.jar \
  --app-version $VERSION \
  --runtime-image runtime \
  --copyright "Copyright (c) 2022 Alan R. White" \
  --vendor "drumscore.scot" \
  --file-associations autobuild/filetypes.txt \
  --resource-dir package/macosx

xattr -cr bundles/DrumScoreEditor.app

codesign --force --deep \
    --options runtime \
    --timestamp \
    --prefix org.whiteware.DrumScoreEditor \
    --entitlements autobuild/entitlements.txt \
    --sign "Developer ID Application: Alan White (XXXXXXXXXX)" \
    bundles/DrumScoreEditor.app

$JAVA_HOME/bin/jpackage \
  --type dmg \
  --dest bundles \
  -n DrumScoreEditor \
  --app-image bundles/DrumScoreEditor.app \
  --mac-package-identifier org.whiteware.DrumScoreEditor \
  --copyright "Copyright (c) 2022 Alan R. White" \
  --vendor "drumscore.scot" \
  --app-version $VERSION \
  --file-associations autobuild/filetypes.txt

xcrun altool --notarize-app \
etc

Has anyone successfully notarized a java app with temurin, and if so help spot where I'm going wrong please?

CodePudding user response:

Simplifying the build process resolved the issue, specifically letting jpackage do the signing itself. Verbose mode shows how it's taking care of the signing on a per-file basis, removing any existing signature first.

$JAVA_HOME/bin/jpackage \
  --dest bundles \
  --input build \
  --name DrumScoreEditor \
  --main-class org.whiteware.DrumScoreEditor \
  --main-jar DrumScoreEditor-$VERSION.jar \
  --add-modules java.base,java.desktop,java.datatransfer,java.prefs,java.xml,java.logging \
  --app-version $VERSION \
  --copyright "Copyright (c) 2022 Alan R. White" \
  --vendor "drumscore.scot" \
  --file-associations autobuild/filetypes.txt \
  --mac-sign \
  --mac-package-signing-prefix org.whiteware.DrumScoreEditor \
  --mac-signing-key-user-name "Alan White (XXXXXXXXXX)" \
  --mac-package-name "Drum Score Editor" \
  --mac-entitlements autobuild/entitlements.txt \
  --resource-dir package/macosx \
  --verbose

Page link:https//www.codepudding.com/Blockchain/275445.html

Prev:How can I to make upload of file maintain your original `Content Type` to Amazon S3?
Next:Is it possible for a sandboxed Mac app to write to the global defaults domain?
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding