Open Siedlerchr opened 1 year ago
CC @gdams as our resident signing expert
Sorry for the delay. I found the core issue. I used jlink in a separate step before to generate the runtime app image. And used that as input for jpackage. Turns out that jpackage then does not do any signing. And jlink neither.
Instead I needed to call jpackage to create the image with all the jlink options. Then code sign is run and notarization works.
That was not really understandable from the docs. @koppor can you post the command we now use?
Our jpackage call:
/jpackage \
--module org.jabref/org.jabref.cli.Launcher \
--module-path ${{env.JDK21}}/Contents/Home/jmods/:build/jlinkbase/jlinkjars \
--add-modules org.jabref,org.jabref.merged.module \
--dest build/distribution \
--name JabRef \
--app-version ${{ steps.gitversion.outputs.Major }}.${{ steps.gitversion.outputs.Minor }} \
--verbose \
--mac-sign \
--vendor JabRef \
--mac-package-identifier Jabref \
--mac-package-name JabRef \
--type dmg --mac-signing-key-user-name "JabRef e.V. (6792V39SK3)" \
--mac-package-signing-prefix org.jabref \
--mac-entitlements buildres/mac/jabref.entitlements \
--icon src/main/resources/icons/jabref.icns \
--resource-dir buildres/mac \
--file-associations buildres/mac/bibtexAssociations.properties \
--jlink-options --bind-services
Source: https://github.com/JabRef/jabref/blob/fix-notary-tool/.github/workflows/deployment-arm64.yml - Note that in the concrete setting, we use a self-compiled JDK (which integrates https://github.com/openjdk/jdk/pull/14408). However, @Siedlerchr used Temurin on his local machine.
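An added check, not part of this thread or the JabRef workflow: before submitting to the notary service, walk the built .app and list every native library or executable that `codesign --verify` rejects, which surfaces the unsigned-runtime case described above. The function names and the name-based selection of candidate files are assumptions.

```shell
#!/bin/sh
# Added example (not from the JabRef workflow): list code files in a
# jpackage-built .app that fail signature verification.
# Assumptions: function names are hypothetical; candidates are picked by
# name (*.dylib, *.jnilib) or executable bit, so executable scripts are
# checked as well.

# Print every candidate file under $1 that `codesign --verify` rejects.
list_unsigned() {
    bundle=$1
    find "$bundle" -type f | while IFS= read -r f; do
        case $f in
            *.dylib|*.jnilib) ;;               # native libraries in the runtime
            *) [ -x "$f" ] || continue ;;      # launcher, helper executables
        esac
        codesign --verify --strict "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# Return 0 only when nothing in the bundle, runtime included, is unsigned.
audit_bundle() {
    bundle=$1
    [ -d "$bundle/Contents" ] || { echo "not an app bundle: $bundle" >&2; return 2; }
    unsigned=$(list_unsigned "$bundle")
    if [ -n "$unsigned" ]; then
        echo "unsigned or invalid code found:" >&2
        printf '%s\n' "$unsigned" >&2
        return 1
    fi
    # Finally verify the seal of the bundle itself.
    codesign --verify --strict "$bundle" >/dev/null 2>&1 || {
        echo "bundle signature invalid: $bundle" >&2; return 1; }
    echo "all code signed: $bundle"
}

# Run only when a path is given, e.g. sh audit.sh /path/to/JabRef.app
if [ "$#" -gt 0 ]; then
    audit_bundle "$1"
fi
```

Because the workflow builds a DMG, point the script at the .app inside the mounted image.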
@Siedlerchr Which docs were you following?
We are marking this issue as stale because it has not been updated for a while. This is just a way to keep the support issues queue manageable. It will be closed soon unless the stale label is removed by a committer, or a new comment is made.
@Siedlerchr & @koppor - I think this is a case of sending Oracle a note to improve their docs. I'll see if I can raise an issue with them.
Please provide a brief summary of the bug
I am building an application with jpackage and notarization fails. The last time I got it working was on jdk17. JDK 19 also fails and jdk 20 as well: I don't know whether this is a jdk bug in jpackage or something at temurin is not signed at all correctly.
Signing works etc. codesign reports all fine, but on submitting for notarization I get errors (I also tested with a simple zip file of the app).
Please provide steps to reproduce where possible
I have set up a sample application for reproducing the case: https://github.com/Siedlerchr/testnotarization
Expected Results
Notarization is successful
Actual Results
Notarization fails
What Java Version are you using?
openjdk version "20.0.1" 2023-04-18
OpenJDK Runtime Environment Temurin-20.0.1+9 (build 20.0.1+9)
OpenJDK 64-Bit Server VM Temurin-20.0.1+9 (build 20.0.1+9, mixed mode)
What is your operating system and platform?
macOS Ventura 13.4 (22F66) on arm64
How did you install Java?
sdkman
Did it work before?
Did you test with the latest update version?
No response
Did you test with other Java versions?
Relevant log output