Closed nemqooo closed 3 months ago
Hi @nemqooo! Sorry for my late reply. Could you share your POM, please?
Hi Francisco,
thank you for getting back to me on this, really do appreciate it! Please find attached the POM from the project.  Thank you.
Norbert
On 23. 2. 2024 at 13:37, Francisco Vargas Ruiz @.***> wrote:
Hi @nemqooo! Sorry for my late reply. Could you share your POM, please?
Hi Norbert! Sorry, but there's no POM attached. 😮
Yeah sorry, the extract from POM already attached. Thank you 😊
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.0</version>
<relativePath/>
</parent>
<groupId>com.accute</groupId>
<artifactId>Invoiceline</artifactId>
<version>1.6.6-SNAPSHOT</version>
<name>InvoiceLine</name>
<description>Test</description>
<properties>
<java.version>21</java.version>
<maven.compiler.source>21</maven.compiler.source>
<maven.compiler.target>21</maven.compiler.target>
<javafx.version>21</javafx.version>
<javafx.maven.plugin.version>0.0.8</javafx.maven.plugin.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.openjfx</groupId>
<artifactId>javafx-maven-plugin</artifactId>
<version>0.0.8</version>
<configuration>
<mainClass>com.accute.invoiceline.Invoiceline</mainClass>
</configuration>
</plugin>
<plugin>
<groupId>io.github.fvarrui</groupId>
<artifactId>javapackager</artifactId>
<version>1.7.5</version>
<executions>
<execution>
<id>bundling-for-macos</id>
<phase>package</phase>
<goals>
<goal>package</goal>
</goals>
<configuration>
<platform>mac</platform>
<name>InvoiceLine</name>
<organizationName>accute</organizationName>
<version>1.6.6</version>
<mainClass>com.accute.invoiceline.Invoiceline</mainClass>
<bundleJre>true</bundleJre>
<customizedJre>false</customizedJre>
<iconFile>src/main/resources/favicon_mac.icns</iconFile>
<vmArgs>-Xmx1g -XX:+UseG1GC -Dprism.dirtyopts=false -Dsun.java2d.metal=true</vmArgs>
<additionalResources>
<additionalResource>src/main/resources</additionalResource>
</additionalResources>
<modules>
<module>javafx.controls</module>
<module>javafx.fxml</module>
</modules>
<macConfig>
<appId>Invoiceline</appId>
<developerId>my-developer-email@gmail.com</developerId>
<codesignApp>true</codesignApp>
<hardenedCodesign>true</hardenedCodesign>
<notarizeApp>true</notarizeApp>
<keyChainProfile>accute</keyChainProfile>
<iconSize>100</iconSize>
<appsLinkIconY>210</appsLinkIconY>
<iconY>210</iconY>
<backgroundImage>src/main/resources/installer.png</backgroundImage>
<icnsFile>src/main/resources/favicon_mac.icns</icnsFile>
<generateDmg>true</generateDmg>
<generatePkg>false</generatePkg>
<volumeIcon>src/main/resources/favicon_mac.icns</volumeIcon>
<volumeName>InvoiceLine</volumeName>
</macConfig>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>21</source>
<target>21</target>
<compilerArgs>--enable-preview</compilerArgs>
</configuration>
</plugin>
</plugins>
</build>
</project>
Your POM seems to be fine, so I need more info. Please, could you share all JP output? JP logs a message each time it executes an external tool like "codesign" ... are the files reported by Apple when notarizing in that list?
Sure, there is a JP output (extract) together with the .json log from Apple's notarytool. All the errors are with the same reason -> "The binary is not signed with a valid Developer ID certificate." The issue seems to be with the packager not signing the files, since during the packaging a bunch of errors relating to signing the files appear. Is it me missing something?
[INFO] Executing command: /bin/sh -c cd '/Users/norbertgalik/Documents/invoiceline/.' && 'codesign' -f --timestamp -s email@gmail.com /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libmanagement.dylib
[ERROR] /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libmanagement.dylib: replacing existing signature
[INFO] Executing command: /bin/sh -c cd '/Users/norbertgalik/Documents/invoiceline/.' && 'codesign' -f --timestamp -s email@gmail.com /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libgstreamer-lite.dylib
[ERROR] /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libgstreamer-lite.dylib: replacing existing signature
[INFO] Executing command: /bin/sh -c cd '/Users/norbertgalik/Documents/invoiceline/.' && 'codesign' -f --timestamp -s email@gmail.com /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libjsound.dylib
[ERROR] /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libjsound.dylib: replacing existing signature
[INFO] Executing command: /bin/sh -c cd '/Users/norbertgalik/Documents/invoiceline/.' && 'codesign' -f --timestamp -s email@gmail.com /Users/norbertgalik/Documents//invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libjfxwebkit.dylib
[ERROR] /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/lib/libjfxwebkit.dylib: replacing existing signature
[INFO] Current status: In Progress.........................
[INFO] Current status: In Progress..........................
[INFO] Current status: In Progress...........................
[INFO] Current status: In Progress............................
[INFO] Current status: In Progress.............................
[INFO] Current status: In Progress..............................
[INFO] Current status: In Progress...............................
[INFO] Current status: In Progress................................
[INFO] Current status: Invalid.................................Processing complete
[INFO] id: 2ce2e22c-c735-4ace-8f7f-22c56ca3f445
[INFO] status: Invalid
[INFO]
[INFO] Executing command: /bin/sh -c cd '/Users/norbertgalik/invoiceline/.' && 'xcrun' stapler staple /Users/norbertgalik/Documents//invoiceline/target/InvoiceLine/InvoiceLine.app
[INFO] Processing: /Users/norbertgalik/Documents//invoiceline/target/InvoiceLine/InvoiceLine.app
[INFO] CloudKit query for InvoiceLine.app (2/684f33420e8871fb88470dba837e26e8c3d2aa20) failed due to "Record not found".
[INFO] Could not find base64 encoded ticket in response for 2/684f33420e8871fb88470dba837e26e8c3d2aa20
[INFO] The staple and validate action failed! Error 65.
{
"logFormatVersion": 1,
"jobId": "2ce2e22c-c735-4ace-8f7f-22c56ca3f445",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "InvoiceLine.app-notarization.zip",
"uploadDate": "2024-02-25T20:00:18.641Z",
"sha256": "8a57cbb995ccc4028ee9308bc2b89035d11689ad241f6919e8b64a7e37a577c2",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "InvoiceLine.app-notarization.zip/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/bin/jwebserver",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "InvoiceLine.app-notarization.zip/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/bin/jarsigner",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "InvoiceLine.app-notarization.zip/InvoiceLine.app/Contents/PlugIns/jre.jre/Contents/Home/bin/jfr",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
"architecture": "x86_64"
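An added example (not part of the thread and not JavaPackager code) for triaging a notarytool log like the one above: it groups the errors by message and separates loose files in the bundle from files that sit inside an archive such as a JAR, which a per-file `codesign` pass over the bundle cannot reach. The names `triage` and `enclosing_archive` and the shortened sample are assumptions made for this illustration.

```python
import json
from collections import defaultdict

ARCHIVE_SUFFIXES = (".jar", ".zip", ".war")

# Constructed sample in the notarytool log layout shown above; the paths and
# messages are the ones quoted in this thread, the issue list is shortened.
APP = "InvoiceLine.app-notarization.zip/InvoiceLine.app/Contents/"
NOT_DEVID = "The binary is not signed with a valid Developer ID certificate."
NO_TIMESTAMP = "The signature does not include a secure timestamp."
SAMPLE_LOG = json.dumps({
    "status": "Invalid",
    "issues": [
        {"severity": "error", "message": NOT_DEVID, "architecture": "x86_64",
         "path": APP + "PlugIns/jre.jre/Contents/Home/bin/jwebserver"},
        {"severity": "error", "message": NOT_DEVID, "architecture": "x86_64",
         "path": APP + "PlugIns/jre.jre/Contents/Home/bin/jarsigner"},
        {"severity": "error", "message": NO_TIMESTAMP, "architecture": "x86_64",
         "path": APP + "Resources/Java/Invoiceline-1.6.6-SNAPSHOT-runnable.jar/libJTouchID.dylib"},
    ],
})


def enclosing_archive(path):
    """Innermost archive that contains the file, ignoring the uploaded zip itself."""
    parts = path.split("/")
    for part in reversed(parts[1:-1]):
        if part.lower().endswith(ARCHIVE_SUFFIXES):
            return part
    return None


def triage(log_text):
    """Group notarization errors by message and by where the file lives."""
    log = json.loads(log_text)
    groups = defaultdict(lambda: {"bundle": [], "inside_archive": []})
    for issue in log.get("issues") or []:      # tolerate a missing or null list
        if issue.get("severity") != "error":
            continue
        archive = enclosing_archive(issue["path"])
        where = "inside_archive" if archive else "bundle"
        rel = issue["path"].split("/", 1)[-1]   # drop the upload zip prefix
        groups[issue["message"]][where].append((rel, archive))
    return log.get("status"), dict(groups)


if __name__ == "__main__":
    status, groups = triage(SAMPLE_LOG)
    print(status, json.dumps(groups, indent=2))
```

Entries under `inside_archive` point at native libraries that have to be signed before the archive is assembled; entries under `bundle` can be compared directly with the files listed in the packager's `codesign` log lines.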
Please, try to run the next command to check if the app is properly signed:
codesign -dv --verbose=4 /Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app
Not sure, but maybe the "The binary is not signed with a valid Developer ID certificate" message is related to the "replacing existing signature" error when codesigning files. All those are JRE's binary files.
The app seems to be signed by the certificate from Apple (hashes adjusted). I have once again checked all the errors from the notary tool, you are right, most of them relate to JRE files. However, at the end, there is also one error related to the app package: "The signature does not include a secure timestamp."
{
"severity": "error",
"code": null,
"path": "InvoiceLine.app-notarization.zip/InvoiceLine.app/Contents/Resources/Java/Invoiceline-1.6.6-SNAPSHOT-runnable.jar/libJTouchID.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
"architecture": "x86_64"
}
Executable=/Users/norbertgalik/Documents/invoiceline/target/InvoiceLine/InvoiceLine.app/Contents/MacOS/universalJavaApplicationStub
Identifier=Invoiceline
Format=bundle with generic
CodeDirectory v=20200 size=267 flags=0x10000(runtime) hashes=1+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=fdec0e33e3f0asdasf2341d4cc1812970feac74d
CandidateCDHashFull sha1=fdec0e34233fasf098fd4cc1812970feac74d
CandidateCDHash sha256=684f33420e8871fb88470d533FAS8c3d2aa20
CandidateCDHashFull sha256=684f33420e8871fb88470db43DAFCsdasdrw8c3d2aa206b8470b58adb6add3d37fsfd53ac
Hash choices=sha1,sha256
CMSDigest=6f8df9ef591c05ef69ae28f604e15eef5a0f79032ae3f5219d97fa8124162b
CMSDigestType=2
Page size=none
CDHash=68123412das3420e8871fb88470dba837e26e8c3gsdc0
Signature size=9183
Authority=Apple Development: email@gmail.com (XXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=25 Feb 2024 at 20:58:58
Info.plist entries=19
TeamIdentifier=XXXXXXXXX
Sealed Resources version=2 rules=13 files=163
Internal requirements count=2 size=236
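An added example (not from the thread and not JavaPackager code) that reads `codesign -dv --verbose=4` output like the listing above and checks three properties notarization depends on: the type of the leaf certificate, the hardened runtime flag, and a secure timestamp. `check_signature` and `REQUIRED_LEAF` are names chosen for this illustration, and the sample is a constructed excerpt of the posted output.

```python
import re

# Constructed sample: the relevant lines of the `codesign -dv --verbose=4`
# output posted above. codesign prints this on stderr, so capture with 2>&1.
SAMPLE_OUTPUT = """\
Identifier=Invoiceline
CodeDirectory v=20200 size=267 flags=0x10000(runtime) hashes=1+5 location=embedded
Authority=Apple Development: email@gmail.com (XXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Timestamp=25 Feb 2024 at 20:58:58
TeamIdentifier=XXXXXXXXX
"""

# Assumption: the notary service expects this certificate type on the leaf.
REQUIRED_LEAF = "Developer ID Application:"


def check_signature(text):
    """Return the reasons a signature would be rejected; empty list if none."""
    authorities = re.findall(r"^Authority=(.*)$", text, re.M)  # leaf comes first
    flags = re.search(r"^CodeDirectory .*flags=0x[0-9a-fA-F]+\(([^)]*)\)", text, re.M)
    flag_names = flags.group(1).split(",") if flags else []
    problems = []
    if not authorities:
        problems.append("no certificate chain: unsigned or ad-hoc signature")
    elif not authorities[0].startswith(REQUIRED_LEAF):
        problems.append(f"leaf is '{authorities[0]}', expected '{REQUIRED_LEAF} ...'")
    if "runtime" not in flag_names:
        problems.append("hardened runtime flag is not set")
    if not re.search(r"^Timestamp=", text, re.M):
        problems.append("no secure timestamp")
    return problems


if __name__ == "__main__":
    for problem in check_signature(SAMPLE_OUTPUT):
        print("FAIL:", problem)
```

The same check can be run over every Mach-O file in the bundle, not only the top-level `.app`, since the notary log reports each nested binary separately.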
If anyone would have issues with this, I have managed to solve the issue:
Now the app is signed and notarized successfully.
Thanks
Thanks @nemqooo for your comments ... I'm sure they will be very useful to other developers. 🤗
I'm submitting a…
Short description of the issue/suggestion: The binaries within the app bundle seem to be not signed by the Developer ID certificate. The hardened codesign is turned on together with its notarization, correct keyChainProfile is entered. The app is being uploaded to Apple, however, the content is not signed.
pom setup
notarization result
preview of the result log from Apple
What is the expected behavior? Returned success result from the Apple Notarization API
What is the current behavior? Invalid status is being returned
Please tell us about your environment: