On 2012-07-31, at 9:54 AM, Scott Kovatch <email@hidden> wrote:
> Let's remember one thing: _none_ of this has to do with being a Java developer. Anyone who develops for OS X is dealing with the same issues, including Cocoa developers. The message is clear: either get a paid developer membership and a Developer ID certificate or produce documentation telling your customers how to turn off Gatekeeper.
Although not specific to Java, the default behaviour is worse for Java.
A Cocoa developer can choose to ignore signing, and produce an unsigned app. When the user tries to run this, they get a message essentially saying "This app is from an unknown developer, go change your preferences to allow unsigned apps to be run".
The JavaApplicationStub provided in Mountain Lion (and Lion?) is signed by Apple, but once it is bundled into a developers own App, that signature becomes invalid. So, if a Java developer chooses to ignore signing, they instead get a "damaged" app that produces a message like "This app is damaged, moved it to the Trash" and there is no way to run it.
For a bundled Java app the options seem to be:
* Use an older version of JavaApplicationStub from before Apple started signing it.
* Remove Apple's signature from JavaApplicationStub when bundling
* Sign the bundled App using an Apple supplied Developer ID (as per Mike's instructions)
And I'm going to throw in another totally untested option that may or not work:
* Self sign the bundled app with your own ID/CA and get User to trust your certificate
I had a look around, and found a tool that removes the LC_CODE_SIGNATURE from the JavaApplicationStub
http://snipt.org/kto/
If you run this on a bundled app, the error changes from "This app is damaged" to "This app is unsigned".
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
