Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8263156

[macos]: OS X application signing concerns - a sealed resource is missing or invalid

    XMLWordPrintable

    Details

    • Subcomponent:
    • CPU:
      x86_64
    • OS:
      os_x

      Description

      ADDITIONAL SYSTEM INFORMATION :
      macOS Catalina 10.15.7

      openjdk version "15.0.2" 2021-01-19
      OpenJDK Runtime Environment (build 15.0.2+7-27)
      OpenJDK 64-Bit Server VM (build 15.0.2+7-27, mixed mode, sharing)

      WARNING: Using incubator modules: jdk.incubator.jpackage
      15.0.2

      A DESCRIPTION OF THE PROBLEM :
      codesign verification of signatures indicates errors

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Signed application with...

      --mac-sign \
      --mac-signing-key-user-name "Michael Hall"



      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      The signed applications would codesign verify without error.
      ACTUAL -
      This is used to verify...
      codesign --verify --verbose <application path>

      HalfPipe.app: a sealed resource is missing or invalid
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.management.rmi/LICENSE
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.management.rmi/ADDITIONAL_LICENSE_INFO
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.management.rmi/ASSEMBLY_EXCEPTION
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.se/LICENSE
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.se/ADDITIONAL_LICENSE_INFO
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.se/ASSEMBLY_EXCEPTION
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.security.jgss/LICENSE
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.security.jgss/ADDITIONAL_LICENSE_INFO
      file modified: /Users/mjh/HalfPipe/HalfPipe_jpkg/outputdir/HalfPipe.app/Contents/runtime/Contents/Home/legal/java.security.jgss/ASSEMBLY_EXCEPTION
      ...
      and many more about the same.



      ---------- BEGIN SOURCE ----------
      See above jpackage invocations
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      This is not currently causing me any problems. I mainly wanted to see if the application would correctly display that I had signed it ( codesign -d -vvv ) , which it does seem to do.
      I came across the codesign verification invocation which indicated the reported errors.

      FREQUENCY : always


        Attachments

          Activity

            People

            Assignee:
            herrick Andy Herrick (Inactive)
            Reporter:
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: