You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{
"severity": "error",
"code": null,
"path": "Jiotty_Photos_Uploader-2.0.3.dmg/Jiotty Photos Uploader.app/Contents/app/conscrypt-openjdk-uber-2.5.1.jar/META-INF/native/libconscrypt_openjdk_jni-osx-x86_64.dylib",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "Jiotty_Photos_Uploader-2.0.3.dmg/Jiotty Photos Uploader.app/Contents/app/conscrypt-openjdk-uber-2.5.1.jar/META-INF/native/libconscrypt_openjdk_jni-osx-x86_64.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
It makes jpackage tool's sign functionality unusable as is. I have to apply complex workarounds during build time like unpacking conscrypt jar, signing binaries, re-packing, and re-packaging.
it would be very convenient if conscrypt jars contained native libraries that were properly signed by Apple in the first place.
The text was updated successfully, but these errors were encountered:
Sounds eminently sensible but we'll probably need to figure out some bureaucracy first as I think we'll need to sign it with a Google owned key rather than any personally owned one.
Is there any movement on this? One of my transitive dependencies uses conscrypt (itself a transitive dependency) and I have to unpack multiple layers of jars to resign the dylibs in this artefact. To say it is a massive PITA is putting it mildly.
MacOS is not a server platform. This means majority of apps using conscrypt will be desktop apps. You can’t distribute a desktop app without it being signed. This means that releasing an unsigned conscrypt macOS binary makes it unusable in the majority of use cases. This must be a high-priority fix.
My project https://github.com/ylexus/jiotty-photos-uploader uses https://github.com/google/java-photoslibrary which transitively depends on conscrypt jars. When I use openjdk jpackage utility to create a distributable package (.dmg in case of macOS), it fails to get notarized by Apple with these errors:
It makes jpackage tool's sign functionality unusable as is. I have to apply complex workarounds during build time like unpacking conscrypt jar, signing binaries, re-packing, and re-packaging.
it would be very convenient if conscrypt jars contained native libraries that were properly signed by Apple in the first place.
The text was updated successfully, but these errors were encountered: