Codesign Java application with jpackage on macOS using Jenkins node


I am running the main Jenkins server on CentOS. The Jenkins node is on a macOS machine running Sonoma 14.2.

The main Jenkins controls the Jenkins node via ssh with a certificate (no pass).

I am trying to pack a Java application into a macOS application using jpackage of OpenJDK 17.0.2, sign it and notarize it so it asks/shows/gets access to the microphone, runs in the background etc.

My Team Key is in Keychain Access and the command below sees it and uses it.

java/jdk-17.0.2.jdk/Contents/Home/bin/jpackage --verbose \
     --name AppName \
     --app-version 1.0.0 \
     --input ./app \
     --type app-image \
     --mac-package-identifier "com.identifier.appname" \
     --mac-package-name "App Name" \
     --main-jar myJar.jar \
     --runtime-image java/jdk-17.0.2.jdk \
     --mac-sign \
     --mac-signing-key-user-name "My Team Key" \
     --java-options "-Djava.net.preferIPv4Stack=true" \
     --java-options "-Dfile.encoding=UTF-8" \
     --mac-entitlements /var/root/sipsocket/entitlements.plist

When I run this command from the Mac's terminal everything works perfectly; the problem starts as soon as I try to run it via ssh from another machine or from the main Jenkins server.

I'm getting:

Warning: unable to build chain to self-signed root for signer "Developer ID Application: ...."
    app/oneOfAppFileInSubfolder: errSecInternalComponent

What I tried:

  • Adding user to root group so I can run command with sudo;
  • Activating root user and using root user for this;
  • Running /usr/bin/codesign --remove-signature app/oneOfAppFileInSubfolder, just maybe because it is not able to override the existing signature;
  • Followed the steps from the "Working without the GUI" section of this article. This part from that section, security set-key-partition-list -S "apple:" -l "Developer ID Application: …", didn't work though.
  • PS. Tried running the command over ssh just from a job, with and without the -t option (for pseudo-tty allocation), like: ssh -i id_rsa -t user@serverIP 'zsh -c "cd ./Developer && sudo ./run"'

At this point I assume it fails because there is no GUI involved while I am running over ssh.

Is there any workaround for this problem, or am I missing something or unaware of anything?

I will update the question with new information on request, in case the provided info is not sufficient, or if I find a solution.

There are 0 answers
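
Added example, not part of the original post: a preflight for the non-GUI session, assuming (as the question suspects) that signing fails because the keychain is locked and the key-access confirmation cannot be shown over ssh. `KEYCHAIN`, `KEYCHAIN_PASSWORD`, `IDENTITY` and `DRY_RUN` are hypothetical names, and the `-S apple-tool:,apple:,codesign: -s` form is a commonly used variant of the `set-key-partition-list` call quoted in the question.

```shell
#!/bin/sh
# Added example, not from the original post. KEYCHAIN, KEYCHAIN_PASSWORD,
# IDENTITY and DRY_RUN are hypothetical names supplied by the CI job.
KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/login.keychain-db}"
IDENTITY="${IDENTITY:-Developer ID Application}"
DRY_RUN="${DRY_RUN:-1}"   # default: only print the commands

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Read `security find-identity -v` output on stdin; succeed only if a listed
# identity (index, 40-hex-digit hash, quoted name) starts with $IDENTITY.
identity_present() {
    grep -F -- "\"$IDENTITY" | grep -Eq '^ *[0-9]+\) [0-9A-F]{40} '
}

prepare_signing_session() {
    if [ "$DRY_RUN" = "1" ]; then
        pw='<keychain-password>'   # never print the real secret
    else
        pw="${KEYCHAIN_PASSWORD:?set it from a Jenkins credential binding}"
    fi
    # 1. Unlock the keychain for this non-GUI session.
    run security unlock-keychain -p "$pw" "$KEYCHAIN" || return 1
    # 2. Let Apple-signed tools, codesign included, use the signing key
    #    without the GUI confirmation dialog.
    run security set-key-partition-list -S apple-tool:,apple:,codesign: \
        -s -k "$pw" "$KEYCHAIN" || return 2
    # 3. Confirm the signing identity is usable before calling jpackage.
    if [ "$DRY_RUN" = "1" ]; then
        run security find-identity -v -p codesigning "$KEYCHAIN"
    else
        security find-identity -v -p codesigning "$KEYCHAIN" \
            | identity_present || return 3
    fi
}

prepare_signing_session
```

Run it as the same user, and in the same ssh invocation, as the jpackage command. Passing the password with `-p` exposes it in the process list while the command runs, so keep the node single-tenant or use a dedicated build keychain.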