jpackage calling codesign

I'm new to Mac and packaging and signing, but I've come a long way. I've got a Developer ID and a code signing certificate. I want to package a Java app and first of all distribute it from my website, not AppStore. my jpackage call is this:

[ ! -d smalljre ] && jlink -p /usr/lib/jvm/java-17-openjdk-amd64/jmods --add-modules java.base,java.desktop --output ./smalljre

jpackage --verbose
--input build
--main-jar i2brain.jar
--name i2Brain
--app-version 3.3.2
--type app-image
--runtime-image ./smalljre

I know I will need to sign the app, see below.

The output:

Mac-mini:FromUbuntu johnmac$ ./run_jpackage 

[14:56:32.358] Creating app package: i2Brain.app in /Users/johnmac/Downloads/FromUbuntu

[14:56:32.656] Using default package resource JavaApp.icns [icon] (add i2Brain.icns to the resource-dir to customize).

[14:56:32.658] Preparing Info.plist: /Users/johnmac/Downloads/FromUbuntu/i2Brain.app/Contents/Info.plist.

[14:56:32.660] Using default package resource Info-lite.plist.template [Application Info.plist] (add Info.plist to the resource-dir to customize).

[14:56:32.669] Using default package resource Runtime-Info.plist.template [Java Runtime Info.plist] (add Runtime-Info.plist to the resource-dir to customize).

[14:56:32.684] Running /usr/bin/codesign

[14:56:32.717] Running /usr/bin/codesign

[14:56:32.790] Running /usr/bin/codesign

[14:56:32.883] Running /usr/bin/codesign

[14:56:32.945] Running /usr/bin/codesign

[14:56:33.008] Running /usr/bin/codesign

[14:56:33.071] Running /usr/bin/codesign

[14:56:33.141] Running /usr/bin/codesign

[14:56:37.061] Running /usr/bin/codesign

[14:56:37.121] java.io.IOException: Command [/usr/bin/codesign, --remove-signature, /Users/johnmac/Downloads/FromUbuntu/i2Brain.app/Contents/runtime/Contents/Home/lib/libjava.dylib] exited with 1 code

at jdk.jpackage/jdk.jpackage.internal.Executor.executeExpectSuccess(Executor.java:90)

at jdk.jpackage/jdk.jpackage.internal.IOUtils.exec(IOUtils.java:215)

at jdk.jpackage/jdk.jpackage.internal.MacAppImageBuilder.lambda$signAppBundle$38(MacAppImageBuilder.java:740)

at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)

< ---snip--- > 

at jdk.jpackage/jdk.jpackage.main.Main.execute(Main.java:91)

at jdk.jpackage/jdk.jpackage.main.Main.main(Main.java:52)

[14:56:37.128] java.io.IOException: Command [/usr/bin/codesign, --remove-signature, /Users/johnmac/Downloads/FromUbuntu/i2Brain.app/Contents/runtime/Contents/Home/lib/libjava.dylib] exited with 1 code

at jdk.jpackage/jdk.jpackage.internal.Executor.executeExpectSuccess(Executor.java:90)

at jdk.jpackage/jdk.jpackage.internal.IOUtils.exec(IOUtils.java:215)

at jdk.jpackage/jdk.jpackage.internal.MacAppImageBuilder.lambda$signAppBundle$38(MacAppImageBuilder.java:740)

at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)

at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)

at java.base/java.util.stream.ReferencePipeline$15$1.accept(ReferencePipeline.java:541)

at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)

at java.base/java.util.Iterator.forEachRemaining(Iterator.java:133)

at java.base/java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1845)

at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)

at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)

at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)

at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)

at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)

at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)

at jdk.jpackage/jdk.jpackage.internal.MacAppImageBuilder.signAppBundle(MacAppImageBuilder.java:719)

at jdk.jpackage/jdk.jpackage.internal.MacAppImageBuilder.doSigning(MacAppImageBuilder.java:382)

at jdk.jpackage/jdk.jpackage.internal.MacAppImageBuilder.prepareApplicationFiles(MacAppImageBuilder.java:333)

at jdk.jpackage/jdk.jpackage.internal.AppImageBundler.createAppBundle(AppImageBundler.java:172)

at jdk.jpackage/jdk.jpackage.internal.AppImageBundler.execute(AppImageBundler.java:91)

at jdk.jpackage/jdk.jpackage.internal.Arguments.generateBundle(Arguments.java:674)

at jdk.jpackage/jdk.jpackage.internal.Arguments.processArguments(Arguments.java:551)

at jdk.jpackage/jdk.jpackage.main.Main.execute(Main.java:91)

at jdk.jpackage/jdk.jpackage.main.Main.main(Main.java:52)

[14:56:37.129] jdk.jpackage.internal.PackagerException: java.io.IOException:

and more of the same.

My questions:

  1. Am I doing something wrong which causes codesign to be called without me mentioning signing? (I do get an i2Brain.app folder, (which is far too big.))

2)When I've got his running, am I correct in thinking I have to then package the i2Brain.app folder I get? Do I use package for that, or a different tool? 3) When I add the following line to my jpackage call, part of the output implies my certificate is ok. See below. So, what is going on? TIA! :-)

--mac-sign --mac-signing-key-user-name "John Boyd-Rainey"

[15:18:31.016] Creating app package: i2Brain.app in /Users/johnmac/Downloads/FromUbuntu

[15:18:31.313] Using default package resource JavaApp.icns [icon] (add i2Brain.icns to the resource-dir to customize).

[15:18:31.314] Preparing Info.plist: /Users/johnmac/Downloads/FromUbuntu/i2Brain.app/Contents/Info.plist.

[15:18:31.315] Using default package resource Info-lite.plist.template [Application Info.plist] (add Info.plist to the resource-dir to customize).

[15:18:31.325] Using default package resource Runtime-Info.plist.template [Java Runtime Info.plist] (add Runtime-Info.plist to the resource-dir to customize).

[15:18:31.331] Using default package resource entitlements.plist [Mac Entitlements] (add i2Brain.entitlements to the resource-dir to customize).

[15:18:31.337] Running /usr/bin/codesign

[15:18:31.359] Running /usr/bin/codesign

[15:18:31.823] Running /usr/bin/codesign

[15:18:31.885] Running /usr/bin/codesign

[15:18:32.164] Running /usr/bin/codesign

[15:18:32.222] java.io.IOException: Command [/usr/bin/codesign, --remove-signature, /Users/johnmac/Downloads/FromUbuntu/i2Brain.app/Contents/runtime/Contents/Home/bin/keytool] exited with 1 code

... and as before.

Replies

These questions seem very specific to the specific third-party tools you’re using. You might find better answers by asking in their support channels, where you’re more likely to find folks with relevant expertise.

Am I doing something wrong which causes codesign to be called without me mentioning signing?

Looking at the specific error:

[14:56:37.128] java.io.IOException: Command [/usr/bin/codesign, --remove-signature, /Users/johnmac/Downloads/FromUbuntu/i2Brain.app/Contents/runtime/Contents/Home/lib/libjava.dylib] exited with 1 code

It seems that your tool has called codesign with the --remove-signature option, so it’s not adding a signature but removing one. I don’t find that particularly wonky. It’s likely that the tool developer decided to remove their signature from the library to simplify the process of you adding your signature later on. It’s a bit weird, but certainly understandable.

When I've got his running, am I correct in thinking I have to then package the i2Brain.app folder I get? Do I use package for that, or a different tool?

That’s really up to you. There are three common distribution packaging schemes for macOS apps:

  • Zip archive

  • Disk image (.dmg)

  • Installer package (.pkg)

Each has their own pros and cons. My only specific advice on this front is that you not use an installer package unless you are installing stuff other than a standalone app. Installer packages are harder to create and, for standalone apps, tend to trigger the spidey sense of advanced users.

For specific advice on how to create these things, see Packaging Mac Software for Distribution. You might also find Creating Distribution-Signed Code for Mac interesting, but it seems like your third-party tools have that part of this problem in hand.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"