On Tue, 29 Apr 2025 11:35:29 GMT, Oliver Kopp <d...@openjdk.org> wrote:
>> - It is not clear on which macOS versions codesign fails if application >> bundle contains additional content. >> - As a result test was modified to generate only application image, since >> PKG or DMG cannot be generated if signing fails. Exit code of jpackage is >> ignored, but generated application image will be checked for additional >> content. >> - This change is for macOS only. >> - Previous implementation of test (forcing expected exist code to 1) was not >> doing anything useful, since we never checked if additional content was >> copied or not. > > Google directed me here. We updated from JDK23 to JDK24 > > We have > > --app-content buildres/mac/jabrefHost.py > > JDK23: Without any issue > > JDK24: > > > "codesign" failed and additional application content was supplied via the > "--app-content" parameter. Probably the additional content broke the > integrity of the application bundle and caused the failure. Ensure content > supplied via the "--app-content" parameter does not break the integrity of > the application bundle, or add it in the post-processing step. > [10:08:52.963] Running /usr/bin/xcrun > [10:08:52.973] Command [PID: 9939]: > /usr/bin/xcrun --help > [10:08:52.973] Output: > Usage: xcrun [options] <tool name> ... arguments ... > > Find and execute the named command line tool from the active developer > directory. > > The active developer directory can be set using `xcode-select`, or via the > DEVELOPER_DIR environment variable. See the xcrun and xcode-select manual > pages for more information. > > Options: > -h, --help show this help message and exit > --version show the xcrun version > -v, --verbose show verbose logging output > --sdk <sdk name> find the tool for the given SDK name > --toolchain <name> find the tool for the given toolchain > -l, --log show commands to be executed (with --run) > -f, --find only find and print the tool path > -r, --run find and execute the tool (the default > behavior) > -n, --no-cache do not use the lookup cache > -k, --kill-cache invalidate all existing cache entries > --show-sdk-path show selected SDK install path > --show-sdk-version show selected SDK version > --show-sdk-build-version show selected SDK build version > --show-sdk-platform-path show selected SDK platform path > --show-sdk-platform-version show selected SDK platform version > [10:08:52.974] Returned: 0 > > Error: "codesign" failed with following output: > /var/folders/gn/rldh9pd93qg48089gvgb1gb80000gn/T/jdk.jpackage3854937683320166432/images/image-16322408788641963111/JabRef.app: > replacing existing signature > /var/folders/gn/rldh9pd93qg48089gvgb1gb80000gn/T/jdk.jpackage3854937683320166432/images/image-16322408788641963111/JabRef.app: > code object is not signed at all > In subcomponent: > /private/var/folders/gn/rldh9pd93qg48089gvgb1gb80000gn/T/jdk.jpackage3854937683320166... @koppor, We had a very similar issue in one of jpackage tests when we tried to copy random files in the "Contents" directory. See a comment at [AppContentTest.java#L62](https://github.com/openjdk/jdk/blob/edf8ce8db10521037045115f4cb9569a1477a40a/test/jdk/tools/jpackage/share/AppContentTest.java#L62). It turned out that you can have only "Info.plist" file in the "Contents" directory. Any other files should be placed in the "Contents/Resources" directory instead. This aligns with Apple's recommendations for bundle directory structure - https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW19 jpackage is not quite compliant with these recommendations, as it places the Java runtime in the "Contents/runtime" directory and the application jar files in the "Contents/app" directory. The justification is that this is legacy behavior originating from the JFX's jpackager. Fortunately, this hasn't caused problems so far. Bottom line: don't copy files or directories with periods (.) in their names to the "Contents" directory. Copy them to the "Contents/Resources" directory instead. Otherwise, codesign will fail. ------------- PR Comment: https://git.openjdk.org/jdk/pull/21698#issuecomment-2838942773
