Class CodesignNativesMojo

java.lang.Object
network.ike.plugin.CodesignNativesMojo
All Implemented Interfaces:
org.apache.maven.api.plugin.Mojo

@Mojo(name="codesign-natives", defaultPhase="package", projectRequired=true) public class CodesignNativesMojo extends Object implements org.apache.maven.api.plugin.Mojo
Sign native libraries (.dylib, .jnilib) inside a jlink runtime image so the resulting installer passes Apple notarization.

Apple requires every executable binary in a notarized bundle to be signed with a Developer ID certificate and include a secure timestamp. JARs containing native libraries (JNA, RocksDB, etc.) ship with unsigned or ad-hoc-signed binaries that Apple rejects.

This goal walks the runtime image directory, finds native libraries both loose and inside JARs, and signs each one with codesign. For JARs, the native entries are extracted, signed, and repacked.

Bind this goal after jlink image assembly and dependency staging but before jpackage creates the installer:

<execution>
    <id>codesign-natives</id>
    <phase>package[5]</phase>
    <goals><goal>codesign-natives</goal></goals>
    <configuration>
        <runtimeImageDir>${project.build.directory}/jreleaser-jlink/assemble/komet-standard/jlink/...</runtimeImageDir>
        <signingIdentity>Developer ID Application: Your Name (TEAMID)</signingIdentity>
    </configuration>
</execution>

On non-macOS platforms the goal skips silently.

See Also:
  • Constructor Details

    • CodesignNativesMojo

      public CodesignNativesMojo()
      Creates this goal instance.
  • Method Details

    • getLog

      protected org.apache.maven.api.plugin.Log getLog()
      Access the Maven logger.
      Returns:
      the logger
    • execute

      public void execute() throws org.apache.maven.api.plugin.MojoException
      Specified by:
      execute in interface org.apache.maven.api.plugin.Mojo
      Throws:
      org.apache.maven.api.plugin.MojoException