Class CodesignPkgMojo
- All Implemented Interfaces:
org.apache.maven.api.plugin.Mojo
.app bundle inside a jpackage-produced .pkg
installer to add macOS entitlements required by the JVM.
This workaround exists because of JDK-8358723:
jpackage --mac-sign in older JDKs signs the main launcher and
nested runtime binaries without entitlements, so the JVM's JIT
entitlements (com.apple.security.cs.allow-jit, etc.) are
missing. Without them the JVM crashes immediately on Apple Silicon
with EXC_BREAKPOINT in pthread_jit_write_protect_np.
The fix for JDK-8358723 is backported to JDK 25.0.2+ via JDK-8369477 (OpenJDK 25.0.2 Jan 2026 CPU; Oracle JDK 25.0.3 Apr 2026 CPU) and is present in JDK 26 mainline. On those JDKs jpackage signs correctly, and re-signing on top produces a signature variant macOS 26.4's notary rejects. This goal therefore auto-skips on JDK 25.0.2 or newer.
This goal post-processes the .pkg (only on JDK < 25.0.2):
- Expands the
.pkgwithpkgutil --expand - Extracts the Payload (gzip + cpio archive)
- Re-signs the main executable and
.appbundle with entitlements - Repacks the Payload and regenerates the BOM
- Flattens the
.pkgwithpkgutil --flatten - Signs the
.pkgwithproductsign
Bind this goal after jpackage but before notarization:
<execution>
<id>codesign-pkg</id>
<phase>verify[0.5]</phase>
<goals><goal>codesign-pkg</goal></goals>
<configuration>
<entitlementsFile>${project.basedir}/src/main/resources/installer/resourceDir_unix/default.plist</entitlementsFile>
</configuration>
</execution>
On non-macOS platforms the goal skips silently. Set
-Dcodesign.pkg.forceWorkaround=true to run the re-sign on
JDK 25.0.2+ (debugging only).
-
Constructor Summary
Constructors -
Method Summary
-
Constructor Details
-
CodesignPkgMojo
public CodesignPkgMojo()Creates this goal instance.
-
-
Method Details
-
getLog
protected org.apache.maven.api.plugin.Log getLog()Access the Maven logger.- Returns:
- the logger
-
execute
public void execute() throws org.apache.maven.api.plugin.MojoException- Specified by:
executein interfaceorg.apache.maven.api.plugin.Mojo- Throws:
org.apache.maven.api.plugin.MojoException
-