This months macos java app build failed saying codesign returned 1 signing libnet.dylib Taking a copy of libnet.dylib and attempting the same codesign command as jpackage it says Already Signed.
This is one of those apparent "worked fine last month and changed nothing" scenarios. Yes the app java source code has changed, but the build script hasn't, nor has the jdk version.
Any clues where to start looking next much appreciated.
Here's the redacted jpackage command
$JAVA_HOME/bin/jpackage --verbose \
--dest bundles \
--input build \
--name DrumScoreEditor \
--main-class org.whiteware.DrumScoreEditor \
--main-jar DrumScoreEditor_$VERSION.jar \
--add-modules java.base,java.desktop,java.datatransfer,java.prefs,java.xml,java.logging \
--java-options "--add-opens java.desktop/com.apple.eawt.event=ALL-UNNAMED" \
--app-version $VERSION \
--copyright "Copyright (c) 2023 Alan R. White" \
--vendor "drumscore.scot" \
--file-associations autobuild/filetypes.txt \
--mac-sign \
--mac-package-signing-prefix org.whiteware.DrumScoreEditor \
--mac-signing-key-user-name "Alan White (REDACTED)" \
--mac-package-name "Drum Score Editor" \
--mac-entitlements autobuild/entitlements.txt \
--resource-dir package/macosx
The error ...
[17:50:24.874] Running /usr/bin/codesign
[17:50:25.526] java.io.IOException: Command [/usr/bin/codesign, -s, Developer ID Application: Alan White (REDACTED), -vvvv, --timestamp, --options, runtime, --prefix, org.whiteware.DrumScoreEditor, /var/folders/70/dxx7_3xn7kq1wl8bq0sfnch40000gn/T/jdk.jpackage10506364833728775098/images/image-10320893665944302794/DrumScoreEditor.app/Contents/runtime/Contents/Home/lib/libnet.dylib] exited with 1 code
at jdk.jpackage/jdk.jpackage.internal.Executor.executeExpectSuccess(Executor.java:90)
at jdk.jpackage/jdk.jpackage.internal.IOUtils.exec(IOUtils.java:215)
Running codesign manually as above ...
➜ autobuild git:(modelrip) ✗ cp /Library/Java/JavaVirtualMachines/temurin-17.jdk/Contents/Home/lib/libnet.dylib .
➜ autobuild git:(modelrip) ✗ /usr/bin/codesign -s "Developer ID Application: Alan White (REDACTED)" -vvvv --timestamp --options runtime --prefix org.whiteware.DrumScoreEditor libnet.dylib
libnet.dylib: is already signed
EDIT to show verbose log entries at failure
[08:40:50.007] Using default package resource Runtime-Info.plist.template [Java Runtime Info.plist] (add Runtime-Info.plist to the resource-dir to customize).
[08:40:50.016] Running /usr/bin/codesign
[08:40:50.342] Running /usr/bin/codesign
[08:40:51.454] java.io.IOException: Command [/usr/bin/codesign, -s, Developer ID Application: Alan White (REDACTED), -vvvv, --timestamp, --options, runtime, --prefix, org.whiteware.DrumScoreEditor, /var/folders/70/dxx7_3xn7kq1wl8bq0sfnch40000gn/T/jdk.jpackage2766942816810615066/images/image-16726125713601794084/DrumScoreEditor.app/Contents/runtime/Contents/Home/lib/libnet.dylib] exited with 1 code
at jdk.jpackage/jdk.jpackage.internal.Executor.executeExpectSuccess(Executor.java:90)
at jdk.jpackage/jdk.jpackage.internal.IOUtils.exec(IOUtils.java:215)
The message at 50.016 appears to be the call to codesign to un-sign the libs, then the next is the failing attempt to sign. If there was some way to surface the actual text message from the failing codesign rather than just there retcode of 1 it would be useful.
Hopefully this will help others in the future.
When jpackage spawns the codesign command it only surfaces that it received a return code of 1 if something went wrong signing your app. Verbose mode doesn't tell you any more.
To find the real error requires reproducing it. I'd made a flawed attempt at doing so, by copying the named dylib that was failing, trying to sign it, and getting a 'Already signed' message (and return code of 1).
What I needed to do was unsign libnet.dylib and then try and sign it again, and this time got the real error.
➜ autobuild git:(modelrip) ✗ /usr/bin/codesign --remove-signature libnet.dylib
➜ autobuild git:(modelrip) ✗ /usr/bin/codesign -s "Developer ID Application: Alan White (REDACTED)" -vvvv --timestamp --options runtime --prefix org.whiteware.DrumScoreEditor libnet.dylib
libnet.dylib: signed Mach-O thin (x86_64) [org.whiteware.DrumScoreEditorlibnet]
libnet.dylib: timestamps differ by 190 seconds - check your system clock
As for the cause of the clock errors, who knows, I rebooted and then it worked ... reminds me of jokes about "have you tried switching it on and off yet" .. facepalm