On Fri, 28 Feb 2025 at 09:11, Michael Bien <mbie...@gmail.com> wrote: > On 27.02.25 11:49, Neil C Smith wrote: > > Personally, I have doubts that a .pkg without JDK is the right > > approach anyway. It is better IMO that a .pkg contains a JDK that is > > signed and notarized as one artefact. > > I don't mind either way. I think both approaches are fine, while the > all-in-one bundle with latest JDK is certainly the most convenient option for > users.
To be clear, that point has nothing to do with which approach either of us thinks is fine or most convenient to users. It's down to what Apple will allow to run or pass notarization, and so actually be usable by users. The code is deep signed by NBPackage (including all the native libs, even those in JARs) with the entitlements that the application requires. https://developer.apple.com/documentation/security/hardened-runtime Do anything not allowed by the permissions and the application is forcefully terminated. The default permission set for NBPackage does include https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.cs.disable-library-validation OK, for now, although with some caveats. Bundling a JDK using NBPackage will re-sign the JDK with the same Team ID and entitlements as the rest of the application. That is still the preferable situation IMO. macOS isn't the only OS moving in this direction. Personally I think if you want to use a JDK of your choice, you use the zip and you link it up yourself, if you want a package then it should be self contained. For me, that includes the DEB and RPM, because distro JDK packages can sometimes be "interesting"! Better than they were, mind you - I remember an early distro OpenJDK that had multiple concurrent EDTs. :-) Best wishes, Neil --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@netbeans.apache.org For additional commands, e-mail: dev-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
