Sorry to take so long to get back to you - I read this a week ago and I
postponed reply till I could investigate some of the many points here.
Now a week later I still haven't found the time to do that so I will at
least reply to what I do know now:

First question is what OS version are you using?
To submit to the Mac App Store, everything must be signed with a special
"3rd Party Mac ..." certificate from Apple. The "Developer
ID Application" and "Developer ID Installer" certificates can only be
used for distributing outside of the Mac App Store, though you can still
notarize such signed apps.
I don't myself have a "3rd Party Mac ..." type certificate, but I have
been able to sign and notarize test apps with jpackage using the
Developer ID certs I do have. This step is required to post an app on the web
where it can be downloaded and run on other machines running macOS
Catalina or later. I would suggest getting this to work first, as all
you other should apply to this environment.
The entitlements used come from OpenJDK in
open/make/data/macosxsigning/default.plist, but they can be fully
customized by using the custom resource mechanism: create directory
"resources", add file "<app-name>.entitlements", run jpackage with
"--resource-dir resources" options.
The problem running app with "./" has been filed and a fix is pending,
but you can run the same app with full path or in the same dir with just
"<app-name>" instead of "./<app-name>".
I have not been able to reproduce any of the other problems you allude
to below, but without a "3rd Party Mac ..." type cert I really don't
know which further complaints from app store are meaningful.
If you get a Mac Store cert, I did add code in JDK16 that if
mac-signing-user-name starts with "3rd Party" then it will just use it
as the full cert name instead of pre-pending "Developer ID Application:
" or "Developer ID Installer: ".
/Andy
On 1/24/2021 9:28 AM, John Crowley wrote:
Hi All,
Have been having a problem trying to use jpackage to sign an app and submit it
to the Apple Store.
Attached are the following:
- the script which invokes jpackage. Note that the attached '…txt' files show
the values for all of the variables.
- the output of this script
- the output of the script running with --verbose
To try to summarize all of the attached:
Trying to create a signed DiskOrganizer-x.y.z.pkg to upload to the Apple Store.
The problem is with mac-sign and the attempt to load to the Apple Store.
Otherwise, have successfully created .app, .pkg, and .dmg versions and they all
execute/install as expected on my Mac (except as noted directly below in (4)).
This attempt used the jpackage in JDK 16-ea, build 31. Had essentially the same
results using JDK 15.0.1
Not shown in the attached is that if you try to manually start by going to
DiskOrganizer/Contents/MacOS and execute ./DiskOrganizer directly, it fails with — Error
opening
"/Applications/DiskOrganizer.app/Contents/Contents/app/DiskOrganizer.cfg" file:
No such file or directory — Note the ../Contents/Contents/app… Can fix this after
installation by putting in a symlink: ln -s . Contents within the Contents directory.
The last step of the pkg1.sh script invokes xcrun altool --validate-app to
validate, comments on these specific errors:
jpackage generates the Info.plist - some errors from this follow. Tried to make
a copy of Info.plist, fix it, and then copy back into the .app, but this then
invalidates the signature from --mac-sign.
Key LSApplicationCategoryType contains Unknown. Probably need a jpackage
--mac-category <type> to allow the user to set this.
Installer package may not include install scripts. No idea where such scripts
may be located. There are no scripts in the ./inputs directory. Maybe in the
runtime created by jlink?
The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean
value of true in the entitlements property list: [(
"DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/MacOS/DiskOrganizer",
"DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/runtime/Contents/Home/lib/jspawnhelper"
Probably need an --mac-entitlements <file> option in order to add this, and any other app-specific
entitlements, to the code signing step.
Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. Don’t
understand this - have assumed that the default was to use the Developer ID Application and
Developer ID Installer certs (which are in my keychain). Are the "3rd Party …" certs also
needed?
Error in keyPath [product-metadata.product-identifier] — No idea where this
resides. Do you know?
Error in keyPath [product-metadata.product-version — Ditto
The lowest minimum system version [none] in the Product Definition Property List — ..
does not equal 10.9 (from the Info.plist). Any idea where this gets set on the Apple
side? Is it supposed to be somewhere within the .pkg? Maybe need a --mac-min-version
<x.y.z> keyword?
Cannot find executable file that matches the value of CFBundleExecutable in the
nested bundle DiskOrganizer
[DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/app] property list
file.) — No idea what this means. The generated .pkg does in fact install OK on
my machine, and /Applications/DiskOrganizer.app launches OK with a double-click.
For Apple Store you have a Version (<key>CFBundleShortVersionString</key>) which would be
set by --app-version and is the version visible to the user. But can also have a
<key>CFBundleVersion</key> which is really the build number. This must be 3 numbers
separated by periods and must change for each upload to the store. So would be good to be able to set
--app-version 1.0 and --app-build 1.0.4 (or --mac-build) to be able to set both values. Otherwise the end
user will see things like 1.0.23 (it took 23 uploads to make it through the Apple Store process) -
which will be confusing.
Sorry for the length of this email, but have been messing around for well over
a week with no success. Also tried using jpackage without the --mac-sign,
running 'codesign' directly, etc. Still have not found the magic wand to make
this all work.
Would appreciate any suggestions. Would love to hear "You’re doing it wrong, use
this set of jpackage options"!
Otherwise, suggestions or pointers to any on-line documents that would help would be
great. (Have been Googling everything about this, but almost all of the
"answers" assume that you are using Xcode and tell you what parameters to set -
nothing about the resulting in-the-trenches process that Xcode then executes.)
Thanks,
John Crowley
Charlotte, NC
203-856-2396
j.crow...@computer.org
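
Added example, not part of either message and not jpackage's own code: one way to apply the "--resource-dir" entitlements override described in the reply to the "com.apple.security.app-sandbox" validation error quoted in the original message. The main jar name, bundle identifier, version and the SIGN_ID variable are assumptions, and the two JIT-related entitlements are an assumed set to compare against the JDK default.plist.

```shell
#!/bin/sh
# Added example: custom entitlements for jpackage via the resource directory.
# APP, the jar name, the bundle id and the version are placeholders (assumptions).
APP="DiskOrganizer"

# Write <dir>/<app-name>.entitlements, the file jpackage picks up through
# --resource-dir instead of the default entitlements shipped with the JDK.
write_entitlements() {
    dir="$1"; app="$2"
    mkdir -p "$dir" || return 1
    cat > "$dir/$app.entitlements" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Demanded by the validation error quoted in the thread -->
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <!-- Assumed JVM needs; keep only what your runtime requires -->
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
</dict>
</plist>
EOF
    # plutil only exists on macOS; lint the file there, skip elsewhere.
    if command -v plutil >/dev/null 2>&1; then
        plutil -lint "$dir/$app.entitlements" >/dev/null || return 1
    fi
}

# Succeeds only when the sandbox key is immediately followed by <true/>.
has_sandbox() {
    grep -A1 '<key>com.apple.security.app-sandbox</key>' "$1" | grep -q '<true/>'
}

# Refuse to build unless the entitlements file carries the sandbox key.
build_pkg() {
    : "${SIGN_ID:?set SIGN_ID to the signing identity in your keychain}"
    write_entitlements resources "$APP" && has_sandbox "resources/$APP.entitlements" || return 1
    jpackage --type pkg --name "$APP" --app-version 1.0 \
        --input inputs --main-jar "$APP.jar" --resource-dir resources \
        --mac-package-identifier com.example.diskorganizer \
        --mac-sign --mac-signing-key-user-name "$SIGN_ID"
}

if [ "${1:-}" = "build" ]; then build_pkg; fi
```

After a build, `codesign -d --entitlements - <path to the .app>` prints the entitlements that actually ended up in the signature.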