JDK-8299793 : jpackage runs "codesign --remove-signature" on OSX when signing is not enabled
  • Type: Enhancement
  • Component: tools
  • Sub-Component: jpackage
  • Affected Version: 19
  • Priority: P3
  • Status: Closed
  • Resolution: Cannot Reproduce
  • OS: os_x
  • CPU: x86_64
  • Submitted: 2023-01-04
  • Updated: 2023-04-04
  • Resolved: 2023-04-04
Description
ADDITIONAL SYSTEM INFORMATION :
OS X 12 
jdk 19 and 17 tested

A DESCRIPTION OF THE PROBLEM :
In MacAppImageBuilder :: signAppBundle(...)
https://github.com/openjdk/jdk/blob/master/src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java

It can be seen that it:
1. unsigns everything
2.  if (signingIdentity != null) { do the signing }

Why this was noticed:
In an app we have chromium bundled. We have jpackage codesign disabled. Jpackage is trying to unsign a chromium framework file. The unsign fails on Chromium Framework with reason "bundle format unrecognized, invalid, or unsuitable"

History:
In the original release of jdk 17, jpackage skipped unsigning some files which can be seen in this diff https://github.com/openjdk/jdk/commit/7696897932a35708b1632517127c1a3a59919878

--remove-signature was only run 
if ((p.toString().contains("/Contents/runtime")) || (p.toString().contains("/Contents/Frameworks"))) { 
This check would skip the unsign of the "Chromium Framework" file that is now failing. 

In short:
Should "--remove-signature" be skipped if code signing is not enabled? Or maybe something like "--skip-remove-signature" should be a flag on jpackage?



Comments
In short: should "--remove-signature" be skipped if code signing is not enabled? Or maybe something like "--skip-remove-signature" should be a flag on jpackage?

Answer: No, we should not skip "--remove-signature". If we are producing an unsigned bundle, we should remove the signature from everything in order to produce a fully unsigned bundle. I do not see any use cases for "--skip-remove-signature"; if we add it, then we will produce partially signed app-images. If for some reason it is required, then the app image can be created without a signature and then signed components can be added. An unsigned app image can be modified if needed, since it is unsigned.
04-04-2023
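
The partially signed state this comment warns about can be checked on a finished app image. The following is an added example, not jpackage code and not from this report: it walks a bundle and sorts its Mach-O files by whether they carry an LC_CODE_SIGNATURE load command, covering thin and universal binaries. The function names are assumptions, and it only detects an embedded signature; it does not validate one.

```python
import os
import struct

LC_CODE_SIGNATURE = 0x1D                     # load command locating the embedded signature
THIN = {b"\xcf\xfa\xed\xfe": ("<", 32), b"\xce\xfa\xed\xfe": ("<", 28),
        b"\xfe\xed\xfa\xcf": (">", 32), b"\xfe\xed\xfa\xce": (">", 28)}
FAT_MAGIC = b"\xca\xfe\xba\xbe"              # universal binary; Java .class files share it

def thin_is_signed(data, base=0):
    """True/False for a thin Mach-O image at `base`; None if it is not Mach-O."""
    endian, header_size = THIN.get(data[base:base + 4], (None, 0))
    if endian is None or base + header_size > len(data):
        return None
    ncmds = struct.unpack_from(endian + "I", data, base + 16)[0]
    offset = base + header_size
    for _ in range(ncmds):
        if offset + 8 > len(data):
            break                            # truncated load-command table
        cmd, cmdsize = struct.unpack_from(endian + "II", data, offset)
        if cmd == LC_CODE_SIGNATURE:
            return True
        offset += max(cmdsize, 8)            # always advance, even on a malformed size
    return False

def is_signed(data):
    """Thin or universal Mach-O: True only if every slice is signed; None if not Mach-O."""
    if data[:4] != FAT_MAGIC:
        return thin_is_signed(data)
    nfat = struct.unpack_from(">I", data, 4)[0] if len(data) >= 8 else 0
    if not 0 < nfat <= 20 or len(data) < 8 + 20 * nfat:
        return None                          # heuristic: a .class file has its version (>= 45) here
    offsets = [struct.unpack_from(">I", data, 16 + 20 * i)[0] for i in range(nfat)]
    states = [thin_is_signed(data, off) for off in offsets]
    return None if None in states else all(states)

def audit_bundle(root):
    """Walk an app image; return (signed, unsigned) relative paths of Mach-O files."""
    signed, unsigned = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue                     # skip links so each file is counted once
            with open(path, "rb") as handle:
                state = is_signed(handle.read())
            if state is not None:
                (signed if state else unsigned).append(os.path.relpath(path, root))
    return sorted(signed), sorted(unsigned)
```

Entries in both returned lists mean the image is partially signed; `codesign --verify` remains the authority on whether any signature found is actually valid.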

I was able to reproduce it with JDK 19, but cannot reproduce it with JDK 20. Please re-open this issue if it is still reproducible on the latest JDK.
04-04-2023

The diff https://github.com/openjdk/jdk/commit/7696897932a35708b1632517127c1a3a59919878 relates to https://bugs.openjdk.org/browse/JDK-8276837
09-01-2023