JDK-8271868 : Warn user when using mac-sign option with unsigned app-image.
  • Type: Bug
  • Component: tools
  • Sub-Component: jpackage
  • Affected Version: 16,17,18
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: os_x
  • Submitted: 2021-08-04
  • Updated: 2021-09-16
  • Resolved: 2021-08-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 18
17Fixed 18 b10Fixed
Related Reports
Cloners :  
JDK-8273593 - [REDO] Warn user when using mac-sign option with unsigned app-image.
Relates :  
JDK-8273593 - [REDO] Warn user when using mac-sign option with unsigned app-image.
Relates :  
JDK-8273592 - Backout JDK-8271868
Description
When jpackage is building a dmg or pkg bundle in two phases (that is, building an app-image type first and then using that app-image to build dmg or pkg bundle), and if signing is used, the --mac-sign option may be needed in both phases.
Though not strictly an error (you can build a signed pkg containing an unsigned app-image, or an unsigned pkg containing a signed app-image) the result could not be notarized, as both package and app-image needs to be signed to pass notarization.

We have had at least one user wondering why notarization failed in such a case, So this issue proposes to add a warning message when an unsigned app-image is used to build a bundle using --mac-sign option.
Comments
Even though the backout of this fix, JDK-8273592, was synced into jdk mainline from jdk17, and is listed as fixed in 18, that backout commit was accompanied by a sync (forward port) of the commit for this original bug (it was backported to 17, mistakenly, and synced into jdk along with the backout fix). The net is that the following commits are in jdk mainline for JDK 18: commit 0aca4f72ce48bc75f2c466d1cba4ad70d3c7b875 Date: Fri Aug 6 12:24:58 2021 +0000 8271868: Warn user when using mac-sign option with unsigned app-image. ---- commit a37254c79fa5973465d90f4b52ab88fe68016c9f Date: Thu Sep 9 19:31:35 2021 +0000 8271868: Warn user when using mac-sign option with unsigned app-image. commit 4afbcaf55383ec2f5da53282a1547bac3d099e9d Date: Fri Sep 10 14:17:45 2021 +0000 8273592: Backout JDK-8271868 ---- The last two canceled each other out, so this fix is actual in JDK 18 and does not need to be redone.
10-09-2021
Changeset: a37254c7 Author: Andy Herrick <herrick@openjdk.org> Date: 2021-09-09 19:31:35 +0000 URL: https://git.openjdk.java.net/jdk/commit/a37254c79fa5973465d90f4b52ab88fe68016c9f
10-09-2021
Fix request (17u) : simple fix usefull to jpackage users on mac. fix needed in 17 for clean backport of JDK-8272639
02-09-2021
Changeset: 0aca4f72 Author: Andy Herrick <herrick@openjdk.org> Date: 2021-08-06 12:24:58 +0000 URL: https://git.openjdk.java.net/jdk/commit/0aca4f72ce48bc75f2c466d1cba4ad70d3c7b875
06-08-2021
when the options --app-image and --mac-sign are both used we will look at the application launcher in the given app-image and determine if it is signed. If not, a warning message will be displayed.
04-08-2021