ADDITIONAL SYSTEM INFORMATION :
javac 14.0.1 from adoptopenJDK
jpackage launched through a gradlew script
jpackage installer and image options specified :
A DESCRIPTION OF THE PROBLEM :
I create an unsigned .app and .dmg with jpackage, and I specify the following parameters :
--icon, --description, --app-version, --vendor, --mac-package-name
.dmg and .app work fine if they are not quarantined.
When this .dmg is downloaded from any website, it gets quarantined by MacOS. Its extraction works correctly and I get a quarantined .app installed.
Launching the .app displays the message :
"xxxxxx.app is damaged and can’t be opened, you should move it to the trash"
The problem is that this is not the usual "xxxxxx.app is an app downloaded from the internet. Are you sure you want to open it ?"
MacOS users are used to this message and know how to open it by going to the security center to validate the opening.
But the "damaged" message is much less common, and most macOS users don’t know they can remove the quarantine attribute with the xattr command.
Once the quarantine attributes are removed, the app launches fine.
I think that jpackage generates an app structure which somewhere doesn’t comply with what macOS likes. When I manually create the .app from the bin folder (also created by jpackage, and I add a basic Info.plist file etc.), and package it with the create-dmg tool, I get a dmg and then a .app opening with the standard "downloaded from the internet" message. It demonstrates that this issue is not related to my app but to the way jpackage packages it.
A few more details:
When checking the extended attributes of my manually created .app, quarantined by the download, on any of its files I get:
$ xattr Info.plist
Whereas with the Jpackaged .app quarantined by the download, I only get :
$ xattr Info.plist
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Use jpackage to build and package any java app
Upload the .dmg produced on any web server
Download on a Mac the .dmg and launch it
Install the .app by sliding it from the dmg window to /Applications
Launch the App
EXPECTED VERSUS ACTUAL BEHAVIOR :
The first launch of the app should display the message of this kind:
xxxxxx.app is an app downloaded from the internet. Are you sure you want to open it ? (That is the message I get when app was manually created from the bin folder jlink build, and dmg packaged with create-dmg tool)
The first launch of this app displays :
xxxxxx.app is damaged and can’t be opened, you should move it to the trash
CUSTOMER SUBMITTED WORKAROUND :
Ask users to use the xattr command after download, to remove quarantine flags. No other way to open the app.
FREQUENCY : always