mik3hall at gmail.com
Sat Apr 17 14:37:13 UTC 2021
> On Apr 17, 2021, at 9:14 AM, Michael Hall <mik3hall at gmail.com> wrote:
>> only executables and libraries are signed - this tool running across the whole app will find unsigned files, that would be expected.
> Hmm. ok. Is the jdk separately signed? Would something in copying it change a date or something that would cause the verify to fail on the jdk signature thinking something has changed rather than what you sign for the app?
> ls -l HalfPipe.app/Contents/runtime/Contents
> total 8
> drwxr-xr-x 3 mjh staff 96 Apr 16 19:29 _CodeSignature
OK I think this may be it. For my testing I sort of force the DMG build back to the —install-dir one.
open -Wg HalfPipe-1.0.dmg
cp -r /Volumes/HalfPipe/HalfPipe.app outputdir/HalfPipe.app
diskutil eject HalfPipe
codesign -v outputdir/HalfPipe.app
outputdir/HalfPipe.app: a sealed resource is missing or invalid
If instead I do the proper drag and drop install to the Applications directory.
codesign -v /Applications/HalfPipe.app
No error. So apparently ‘cp’ is not a good idea on a signed application. At least not on a signed java one.
This one can probably be closed permanently.
More information about the core-libs-dev