Hi,

for the macOS notarization process, all executables and libraries need to be codesigned with hardened runtime (--options runtime) and secure timestamp (--timestamp) enabled. Additionally, for the OpenJDK, certain entitlements have to be set during codesigning:

* com.apple.security.cs.allow-jit
* com.apple.security.cs.allow-unsigned-executable-memory
* com.apple.security.cs.disable-executable-page-protection
* com.apple.security.cs.allow-dyld-environment-variables
* com.apple.security.cs.debugger

With this change the macOS codesign tool is being run for all native executables and libraries.

Additionally, this change introduces a new configure option:

--with-macosx-codesign-identity

This option allows specifying a codesigning identity stored in the macOS keychain. When this option is not set, it falls back to "openjdk_codesign".

Thanks,
Rene
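The signing step described in the message above, as an added example that is not part of the patch or the OpenJDK build system. The function names, the DRY_RUN switch and the use of --force are assumptions made for this example; the entitlement keys, codesign options and fallback identity are the ones the message names.

```shell
#!/bin/sh
# Added example, not OpenJDK build code. Helper names are hypothetical.

# Entitlements listed in the message above.
ENTITLEMENTS="com.apple.security.cs.allow-jit
com.apple.security.cs.allow-unsigned-executable-memory
com.apple.security.cs.disable-executable-page-protection
com.apple.security.cs.allow-dyld-environment-variables
com.apple.security.cs.debugger"

# Write an entitlements property list with every key set to true.
write_entitlements() {
    out=$1
    {
        echo '<?xml version="1.0" encoding="UTF-8"?>'
        echo '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">'
        echo '<plist version="1.0">'
        echo '<dict>'
        for key in $ENTITLEMENTS; do
            printf '    <key>%s</key>\n    <true/>\n' "$key"
        done
        echo '</dict>'
        echo '</plist>'
    } > "$out"
}

# Use the given identity, or the fallback named in the message when it is empty.
resolve_identity() {
    echo "${1:-openjdk_codesign}"
}

# Sign one file with hardened runtime, secure timestamp and the entitlements.
# --force replaces an existing signature. With DRY_RUN=1 the command line is
# printed instead of executed (codesign is available on macOS only).
sign_file() {
    identity=$(resolve_identity "$1"); plist=$2; target=$3
    set -- codesign --force --sign "$identity" --timestamp \
        --options runtime --entitlements "$plist" "$target"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# After signing: succeed only if the signature carries the hardened-runtime flag.
check_runtime_flag() {
    codesign --display --verbose=2 "$1" 2>&1 | grep -q 'flags=.*runtime'
}
```

Running check_runtime_flag on each signed file before submitting for notarization catches binaries that were signed without --options runtime.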