[
https://issues.apache.org/jira/browse/MNG-7172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17364106#comment-17364106
]
Guillaume Nodet commented on MNG-7172:
--------------------------------------
Actually, I do work on OSX, but the libraries themselves are built on docker
images using cross compilation. If the signing is done in a later phase, that
would be doable, but I think [~mthmulders] is right pointing that Jansi is not
part of the ASF, so the signing should be done inside the Maven project somehow
rather than the Jansi project directly.
There may be some misunderstanding about why native libs are extracted. If I
read correctly, the original driver was to avoid cluttering the temp folder
with extracted native libraries. This is no longer the case with Jansi 2.x.
However, there's still the cost of the extraction, which imho is quite low.
> Warning about signing of libjansi on macOS
> ------------------------------------------
>
> Key: MNG-7172
> URL: https://issues.apache.org/jira/browse/MNG-7172
> Project: Maven
> Issue Type: Improvement
> Reporter: Konrad Windszus
> Priority: Blocker
> Attachments: mng-7172-1.jpg, mng-7172-2.jpg
>
>
> _(Copying from MNG-7165)_
>
> With the latest SNAPSHOT (downloaded from
> [https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/master/169/artifact/org/apache/maven/apache-maven/4.0.0-alpha-1-SNAPSHOT/apache-maven-4.0.0-alpha-1-SNAPSHOT-bin.tar.gz])
> I get
> {code:java}
> ./mvn --version
> Failed to load native library:libjansi.jnilib. osinfo: Mac/x86_64
> java.lang.UnsatisfiedLinkError:
> /Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib:
>
> dlopen(/Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib,
> 1): no suitable image found. Did find:
>
> /Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib:
> code signature in
> (/Users/konradwindszus/Downloads/apache-maven/lib/jansi-native/Mac/x86_64/libjansi.jnilib)
> not valid for use in process using Library Validation: library load
> disallowed by system policy
> Apache Maven 4.0.0-alpha-1-SNAPSHOT (371faf7a49298bd1752632c2675aa499fee64667)
> Maven home: /Users/konradwindszus/Downloads/apache-maven
> Java version: 11.0.11, vendor: AdoptOpenJDK, runtime:
> /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home
> Default locale: en_DE, platform encoding: UTF-8
> OS name: "mac os x", version: "11.4", arch: "x86_64", family: "mac"
> {code}
> And Mac OS shows a warning {{“libjansi.jnilib” cannot be opened because the
> developer cannot be verified.}}.
> Is the last version of JAnsi included in Maven properly signed?
> ----
> Options we have:
> Do nothing
> (+) consistent use of JAnsi for all OSes
> (-) no additional extraction of native libraries
> (-) Annoying popup + warning for MacOS users (although as intended due to
> its security policy)
> Exclude lib/jansi-native/osx
> (+) Maven runs without popup/warning
> (?) no additional extraction of native libraries
> (-) inconsistent use of JAnsi for OSes
> Don't unpack to lib/jansi-native
> (+) consistent use of JAnsi for all OSes
> (-) Maven will have extra overhead for every run due to extracting
> jansi-native
> Unpack lib/jansi-native on first use
> (+) consistent use of JAnsi for all OSes
> (-) In general we consider conf/ as the only directory that can be changed
> after installing. Now lib/jansi-native would become a "dynamic" directory.
> Get a signed native library for MacOS
> (+) consistent use of JAnsi for all OSes
> (-) somebody needs to build & sign the JAnsi native lib (requires a Mac and
> an Apple Developer ID)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
