{"id":26158,"date":"2019-08-02T15:54:15","date_gmt":"2019-08-02T19:54:15","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=26158"},"modified":"2019-08-06T16:29:43","modified_gmt":"2019-08-06T20:29:43","slug":"notarization-and-java-apps","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/08\/02\/notarization-and-java-apps\/","title":{"rendered":"Notarization and Java Apps"},"content":{"rendered":"<p><a href=\"https:\/\/blog.beatunes.com\/2019\/08\/notarization-and-java-apps.html\">Hendrik Schreiber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.beatunes.com\/2019\/08\/notarization-and-java-apps.html\">\n<p>For beaTunes things are a little different, as it uses Java as runtime. So far Oracle (or anybody else I know of) has not shipped a Java runtime that has been compiled against macOS SDK 10.9 or later and the hardened macOS runtime. Additionally, Oracle&rsquo;s Java executables are not signed with suitable signature algorithms (see <a href=\"https:\/\/bugs.openjdk.java.net\/browse\/JDK-8223671\">Bug JDK-8223671<\/a> for a detailed list of notarization failures). All these are requirements for notarization. There is no way for me to ship a notarized version of beaTunes before they are addressed and unless I want to roll my own version of Java (I don&rsquo;t!!), I simply have to wait and hope that someone at Oracle will take pity on Mac devs.<\/p>\n<\/blockquote>\n\n<p>It is increasingly difficult to be off the beaten path of using Apple&rsquo;s preferred tools and frameworks.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/tperfitt\/status\/1157015909925642241\">Timo Perfitt<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/tperfitt\/status\/1157015909925642241\">\n<p>&ldquo;Uploading to Apple to Notarize&rdquo; is the new &ldquo;COMPILING!&rdquo;<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/07\/30\/updated-hardened-runtime-documentation\/\">Updated Hardened Runtime Documentation<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/07\/26\/what-i-wish-id-known-before-starting-notarize\/\">What I Wish I&rsquo;d Known Before Starting Notarize<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/06\/06\/security-privacy-in-macos-10-15-beta\/\">Security &amp; Privacy in macOS 10.15 Beta<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/04\/08\/macos-10-14-5-requires-new-developers-to-notarize\/\">macOS 10.14.5 Requires New Developers to Notarize<\/a><\/li>\n<\/ul>\n\n<p id=\"notarization-and-java-apps-update-2019-08-05\">Update (2019-08-05): <a href=\"https:\/\/twitter.com\/McCloudStrife\/status\/1157387601055059968\">McCloud<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/McCloudStrife\/status\/1157387601055059968\">\n<p>Handy reminder: <em>Everything<\/em> in your entire stack, up to and including your programming language&rsquo;s runtime environment, is a liability.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/rosyna\/status\/1157561768987619328\">Rosyna Keller<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/rosyna\/status\/1157561768987619328\">\n<p>Developers should make sure it&rsquo;s their own Developer ID that signs libraries they ship inside their apps.<\/p>\n<p>Also, OpenJDK 8 is rather old and new JDKs are properly built against macOS 10.9 or later.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/medium.com\/adoptopenjdk\/bundling-adoptopenjdk-into-a-notarized-macos-application-f4d69404afc\">George Adams<\/a>:<\/p>\n<blockquote cite=\"https:\/\/medium.com\/adoptopenjdk\/bundling-adoptopenjdk-into-a-notarized-macos-application-f4d69404afc\"><p>We have enabled hardened runtime on our macOS binaries which will allow them to be bundled into applications and pass Apple&rsquo;s Notarization tests. OpenJDK 11+ will work out of the box, OpenJDK8 needs a bit more work because it&rsquo;s built on an older toolchain that the notarization test doesn&rsquo;t support. We will be creating a second release of <a href=\"https:\/\/github.com\/AdoptOpenJDK\/openjdk11-binaries\/releases\/tag\/jdk-11.0.4%2B11\">jdk-11.0.4+11<\/a> and <a href=\"https:\/\/github.com\/AdoptOpenJDK\/openjdk12-binaries\/releases\/tag\/jdk-12.0.2%2B10\">jdk-12.0.2+10<\/a> which will have hardened runtime enabled.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Hendrik Schreiber: For beaTunes things are a little different, as it uses Java as runtime. So far Oracle (or anybody else I know of) has not shipped a Java runtime that has been compiled against macOS SDK 10.9 or later and the hardened macOS runtime. Additionally, Oracle&rsquo;s Java executables are not signed with suitable signature [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-08-02T19:54:22Z","apple_news_api_id":"bd4fffa5-bd8c-4bd0-8bb3-d7b9a4d1cbfd","apple_news_api_modified_at":"2019-08-06T20:29:48Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAQ==","apple_news_api_share_url":"https:\/\/apple.news\/AvU__pb2MS9CLs9e5pNHL_Q","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1851,466,84,30,32,1666,1842,71],"class_list":["post-26158","post","type-post","status-publish","format-standard","hentry","category-technology","tag-beatunes","tag-codesigning","tag-java","tag-mac","tag-macapp","tag-macos-10-15","tag-notarization","tag-programming"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=26158"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26158\/revisions"}],"predecessor-version":[{"id":26203,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26158\/revisions\/26203"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=26158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=26158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=26158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}