I am running the main Jenkins server on CentOS. The node Jenkins server is on a macOS machine running Sonoma 14.2.
The main Jenkins controls the Jenkins node via ssh with a certificate (no pass).
I am trying to pack a Java application into a macOS application using jpackage from OpenJDK 17.0.2, sign it and notarize it so it asks for/shows/gets access to the microphone, runs in the background, etc.
"My Team Key" is in Keychain Access, and the command below sees it and uses it.
java/jdk-17.0.2.jdk/Contents/Home/bin/jpackage --verbose \
--name AppName \
--app-version 1.0.0 \
--input ./app \
--type app-image \
--mac-package-identifier "com.identifier.appname" \
--mac-package-name "App Name" \
--main-jar myJar.jar \
--runtime-image java/jdk-17.0.2.jdk \
--mac-sign \
--mac-signing-key-user-name "My Team Key" \
--java-options "-Djava.net.preferIPv4Stack=true" \
--java-options "-Dfile.encoding=UTF-8" \
--mac-entitlements /var/root/sipsocket/entitlements.plist
When I run this command from the Mac's terminal everything works perfectly; the problem starts as soon as I try to run it via ssh from another machine or the main Jenkins server.
I'm getting:
Warning: unable to build chain to self-signed root for signer "Developer ID Application: ...."
app/oneOfAppFileInSubfolder: errSecInternalComponent
What I tried:
- Adding the user to the root group so I can run the command with sudo;
- Activating the root user and using the root user for this;
- Running
  /usr/bin/codesign --remove-signature app/oneOfAppFileInSubfolder
  just maybe because it is not able to override the existing signature;
- Followed the steps from this article, from the "Working without the GUI" section. This part
  security set-key-partition-list -S "apple:" -l "Developer ID Application: …"
  from that section didn't work though.
- PS. Tried running the command over ssh just from a job, with and without the -t option (for a pseudo-tty allocation), like:
  ssh -i id_rsa -t user@serverIP 'zsh -c "cd ./Developer && sudo ./run"'
At this point I assume it fails because there is no GUI involved while I am running over ssh.
Is there any workaround for this problem, or am I missing something or unaware of anything?
I will be updating the question with new information on request in case the provided info is not sufficient or if I find a solution.