Re: jpackage problem submitting to Apple Store

2021-02-01 Thread Michael Hall 



> On Feb 1, 2021, at 9:02 AM, Andy Herrick  wrote:
> 
> This step is required to post app on web where it can be downloaded and run 
> on other machines running MacOS Catalina or later. 

This is probably all I’d be looking at for now. I’m looking at an app I wrote a 
year or two back with downloaded images and sounds. I read somewhere Apple 
rejected someone’s app because they couldn’t prove something they used was 
public domain. I am sure I couldn’t prove that for everything I used.

Re: jpackage problem submitting to Apple Store

2021-02-01 Thread Andy Herrick 
Sorry to take so long to get back to you - I read this a week ago and I 
postponed reply till I could investigate some of the many points here.  
Now a week later I still haven't found the time to do that so I will at 
least reply to what I do know now :


First question is what OS version are you using ?

To submit to the mac app store, everything must be signed with special 
certificate "3rd Party Mac ..." certificate from apple. The "Developer 
ID Application" and "Developer ID Installer" certificates can only be 
used for Distributing outside of the mac app store, though you can still 
notarize such signed apps.


I don't myself have a "3rd Party Mac ..." type certificate, but I have 
been able to sign and notarize test apps with jpackage using the 
Developer ID certs I do have.  This step is required to post app on web 
where it can be downloaded and run on other machines running MacOS 
Catalina or later.  I would suggest getting this to work first, as all 
you other should apply to this environment.


The entitlements used come from OpenJDK in 
open/make/data/macosxsigning/default.plist, but the can be fully 
customized by using the custom resource mechanism: create directory 
"resources", add file ".entitlements", run jpackage with 
"--resource-dir resources" options.


The problem running app with "./" has been filed and a fix is pending, 
but you can run the same app with full path or in the same dir with just 
"" instead of "./"


I have not been able to reproduce any of the other problems you allude 
to below, but without a "3rd Party Mac ..." type cert I really don't 
know which further complaints from app store are meaningful.


If you get a Mac Store cert, I did add code in JDK16 that if 
mac-signing-user-name starts with "3rd Party" then it will just use it 
as the full cert name instead of pre-pending "Developer ID Application: 
" or "Developer ID Installer: ".


/Andy

On 1/24/2021 9:28 AM, John Crowley wrote:

Hi All,

Have been having a problem trying to use jpackage to sign an app and submit it 
to the Apple Store.

Attached are the following:
— the script which invokes jpackage. Note that the attached ’…txt’ files show 
the values for all of the variables.
— the output of this script
— the output of the script running with —verbose

To try to summarize all of the attached:
Trying to create a signed DiskOrganizer-x.y.z.pkg to upload to the Apple Store.
The problem is with mac-sign and the attempt to load to the Apple Store. 
Otherwise, have successfully created .app, .pkg, and .dmg versions and they all 
execute/install as expected on my Mac (except as noted directly below in (4)).
This attempt used the jpackage in JDK 16-ea, build 31. Had essentially the same 
results using JDK 15.0.1
Not shown in the attached is that if you try to manually start by going to 
DiskOrganizer/Contents/MacOS and execute ./DiskOrganizer directly, it fails with — Error 
opening 
"/Applications/DiskOrganizer.app/Contents/Contents/app/DiskOrganizer.cfg" file: 
No such file or directory — Note the ../Contents/Contents/app… Can fix this after 
installation by putting in a symlink: ln -s . Contents within the Contents directory.

The last step of the pkg1.sh script invokes xcrun altool —validate-app to 
validate, comments on these specific errors:
jpackage generates the Info.plist - some errors from this follow. Tried to make 
a copy of Info.plist, fix it, and then copy back into the .app, but this then 
invalidates the signature from —mac-sign.
Key LSApplicationCategoryType contains Unknown. Probably need a jpackage 
—mac-category  to allow the user to set this.
Installer package may not include install scripts. No idea where such scripts 
may be located. There are no scripts in the ./inputs directory. Maybe in the 
runtime created by jlink?
The following executables must include the "com.apple.security.app-sandbox" entitlement with a Boolean 
value of true in the entitlements property list: [( 
"DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/MacOS/DiskOrganizer", 
"DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/runtime/Contents/Home/lib/jspawnhelper"   
Probably need an —mac-entitlements  option in order to add this, and any other app-specific 
entitlements, to the code signing step.
Ensure that it is signed with your "3rd Party Mac Developer Installer" certificate. Don’t 
understand this - have assumed that the default was to use the Developer ID Application and 
Developer ID Installer certs (which are in my keychain). Are the "3rd Party …" certs also 
needed?
Error in keyPath [product-metadata.product-identifier] — No idea where this 
resides. Do you know?
Error in keyPath [product-metadata.product-version — Ditto
The lowest minimum system version [none] in the Product Definition Property List — .. 
does not equal 10.9 (from the Info.plist). Any idea where this gets set on the Apple 
side? Is it supposed to be somewhere within the .pkg? Maybe need a —mac-min-version 
 keyword?
Cannot find

Re: jpackage problem submitting to Apple Store

2021-01-25 Thread John Crowley 
Trying again. Changed the name of pkg1.sh to just pkg1 in case email is 
dropping any executable attachment.

John Crowley
Charlotte, NC
203-856-2396
j.crow...@computer.org





> On Jan 24, 2021, at 9:20 PM, Michael Hall  wrote:
> 
> 
> 
>> On Jan 24, 2021, at 8:28 AM, John Crowley  wrote:
>> 
>> Hi All,
>> 
>> Have been having a problem trying to use jpackage to sign an app and submit 
>> it to the Apple Store.
>> 
>> Attached are the following:
> 
> No attachments that I’m seeing.
>

Re: jpackage problem submitting to Apple Store

2021-01-25 Thread John Crowley 
As an alternate, a link to Google Drive - 
https://drive.google.com/drive/folders/1SgLhlovuH2x18gRh-ffhZCHVeXt1AOXo?usp=sharing
 


Thanks,

John Crowley
Charlotte, NC
203-856-2396
j.crow...@computer.org






> On Jan 24, 2021, at 9:20 PM, Michael Hall  wrote:
> 
> 
> 
>> On Jan 24, 2021, at 8:28 AM, John Crowley  wrote:
>> 
>> Hi All,
>> 
>> Have been having a problem trying to use jpackage to sign an app and submit 
>> it to the Apple Store.
>> 
>> Attached are the following:
> 
> No attachments that I’m seeing.
>

Re: jpackage problem submitting to Apple Store

2021-01-25 Thread Michael Hall 



> On Jan 25, 2021, at 6:36 AM, John Crowley  wrote:
> 
> As an alternate, a link to Google Drive - 
> https://drive.google.com/drive/folders/1SgLhlovuH2x18gRh-ffhZCHVeXt1AOXo?usp=sharing
>  
> 
> 

The attachments are there

Re: jpackage problem submitting to Apple Store

2021-01-24 Thread Michael Hall 



> On Jan 24, 2021, at 8:28 AM, John Crowley  wrote:
> 
> Hi All,
> 
> Have been having a problem trying to use jpackage to sign an app and submit 
> it to the Apple Store.
> 
> Attached are the following:

No attachments that I’m seeing.

jpackage problem submitting to Apple Store

2021-01-24 Thread John Crowley 
Hi All,

Have been having a problem trying to use jpackage to sign an app and submit it 
to the Apple Store.

Attached are the following:
— the script which invokes jpackage. Note that the attached ’…txt’ files show 
the values for all of the variables.
— the output of this script
— the output of the script running with —verbose

To try to summarize all of the attached:
Trying to create a signed DiskOrganizer-x.y.z.pkg to upload to the Apple Store.
The problem is with mac-sign and the attempt to load to the Apple Store. 
Otherwise, have successfully created .app, .pkg, and .dmg versions and they all 
execute/install as expected on my Mac (except as noted directly below in (4)).
This attempt used the jpackage in JDK 16-ea, build 31. Had essentially the same 
results using JDK 15.0.1
Not shown in the attached is that if you try to manually start by going to 
DiskOrganizer/Contents/MacOS and execute ./DiskOrganizer directly, it fails 
with — Error opening 
"/Applications/DiskOrganizer.app/Contents/Contents/app/DiskOrganizer.cfg" file: 
No such file or directory — Note the ../Contents/Contents/app… Can fix this 
after installation by putting in a symlink: ln -s . Contents within the 
Contents directory.

The last step of the pkg1.sh script invokes xcrun altool —validate-app to 
validate, comments on these specific errors:
jpackage generates the Info.plist - some errors from this follow. Tried to make 
a copy of Info.plist, fix it, and then copy back into the .app, but this then 
invalidates the signature from —mac-sign.
Key LSApplicationCategoryType contains Unknown. Probably need a jpackage 
—mac-category  to allow the user to set this.
Installer package may not include install scripts. No idea where such scripts 
may be located. There are no scripts in the ./inputs directory. Maybe in the 
runtime created by jlink?
The following executables must include the "com.apple.security.app-sandbox" 
entitlement with a Boolean value of true in the entitlements property list: [( 
"DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/MacOS/DiskOrganizer", 
"DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/runtime/Contents/Home/lib/jspawnhelper"
   Probably need an —mac-entitlements  option in order to add this, and 
any other app-specific entitlements, to the code signing step.
Ensure that it is signed with your "3rd Party Mac Developer Installer" 
certificate. Don’t understand this - have assumed that the default was to use 
the Developer ID Application and Developer ID Installer certs (which are in my 
keychain). Are the "3rd Party …" certs also needed?
Error in keyPath [product-metadata.product-identifier] — No idea where this 
resides. Do you know?   
Error in keyPath [product-metadata.product-version — Ditto
The lowest minimum system version [none] in the Product Definition Property 
List — .. does not equal 10.9 (from the Info.plist). Any idea where this gets 
set on the Apple side? Is it supposed to be somewhere within the .pkg? Maybe 
need a —mac-min-version  keyword?
Cannot find executable file that matches the value of CFBundleExecutable in the 
nested bundle DiskOrganizer 
[DiskOrganizer-app.pkg/Payload/DiskOrganizer.app/Contents/app] property list 
file.) — No idea what this means. The generated .pkg does in fact install OK on 
my machine, and /Applications/DiskOrganizer.app launches OK with a double-click.
For Apple Store you have a Version (CFBundleShortVersionString) 
which would be set by —app-version and is the version visible to the user. But 
can also have a CFBundleVersion which is really the build number. 
This must be 3 numbers separated by periods and must change for each upload to 
the store. So would be good to be able to set —app-version 1.0 and —app-build 
1.0.4 (or —mac-build) to be able to set both values. Otherwise the end user 
will see things like 1.0.23 (it took 23 uploads to make it through the Apple 
Store process) - which will be confusing.

Sorry for the length of this email, but have been messing around for well over 
a week with no success. Also tried using jpackage without the —mac-sign, 
running 'codesign' directly, etc. Still have not found the magic wand to make 
this all work.

Would appreciate any suggestions. Would love to hear "You’re doing it wrong, 
use this set of jpackage options"! 

Otherwise, suggestions or pointers to any on-line documents that would help 
would be great. (Have been Googling everything about this, but almost all of 
the "answers" assume that you are using Xcode and tell you what parameters to 
set - nothing about the resulting in-the-trenches process that Xcode then 
executes.)

Thanks,

John Crowley
Charlotte, NC
203-856-2396
j.crow...@computer.org