Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: Per OS examples with code signing #368

Open
3 tasks
ilacc1 opened this issue Oct 29, 2023 · 2 comments
Open
3 tasks

Question: Per OS examples with code signing #368

ilacc1 opened this issue Oct 29, 2023 · 2 comments
Labels
feedback Waiting for feedback

Comments

@ilacc1
Copy link

ilacc1 commented Oct 29, 2023

I'm submitting a…

  • bug report
  • feature request
  • [ *] other

Short description of the issue/suggestion:
Are there code signing examples for linux / mac / windows? This can be rather complex for developers and examples in the documentation show the most basic use case without signing.

  • JavaPackager version: 1.7.5
  • OS version: Windows 10/11, MacOS (11.5+), Rocky 8 & 9, Ubuntu 20, 21, 22
  • JDK version: 17
  • Build tool:
    • [*] Maven
    • Gradle

Other information (e.g. related issues, suggestions how to fix, links for us to have context)

I was able to get windows signing to work fairly easily.
On MacOS, I am scratching my head. A MacOS signing / deployment guide doc would be a huge help. Specifically more info about different launchers and how to handle different architectures would also help. Also why is JP replacing all signatures on all executables?
On Linux, I have no idea where to start. JP doesn't seem to have signing options in the config file for linux so I am guessing this is something to be done after deb / rpms are built?

Thanks !
@fvarrui
Copy link
Owner

fvarrui commented Feb 25, 2024

Hi @ilacc1!

macos

Sorry, but I'm not a MacOS proficient user and also haven't a signing key 😢 ... this feature was partially developed and tested by some contributors and based on Apple documetation. As you can see in JP docs, you must provide next info to sign your ".app":

<macConfig>
   ...
    <!-- signing properties -->
    <developerId>singning identity</developerId>
    <entitlements>path/to/entitlements.plist</entitlements>
    <codesignApp>true|false</codesignApp>
    <hardenedCodesign>true|false</hardenedCodesign>
    <notarizeApp>true|false</notarizeApp>
    <keyChainProfile>xcrun_notarytool_profile_name</keyChainProfile>
    ...
</macConfig>

AFAIK you have to register as an Apple developer to get a signing key ... then you should store/register this key on your Mac and specify the signing key's Developer ID, and then you set this ID in your POM: macConfig.developerId=XYZ.

Also, entitlements are the permissions your app need to run. For a Java app, JP provides a default entitlements file.

And notarization is a process where Apple verifies your application to make sure it has a Developer ID code signature and doesn't contain malicious content.

linux

No one has requested this feature, so it's not implemented in JP.

@fvarrui fvarrui added the feedback Waiting for feedback label Feb 25, 2024
@fvarrui
Copy link
Owner

fvarrui commented Feb 25, 2024

I hope it helps 😃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feedback Waiting for feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fvarrui @ilacc1