The "jpackage" command tool provided by Oracle: It specifies some options for MacOS code signing: --mac-sign --mac-package-signing-prefix "ST_DFG2D_ARM" --mac-signing-key-user-name "Pierre Bierre" that it reformats when it runs and calls Apple's "codesign". Maybe you can show me how to translate these options into a discrete call to codesign? [14:06:05.820] java.io.IOException: Command [/usr/bin/codesign, -s, Developer ID Application: Pierre Bierre (SL7L4YU8GT), -vvvv, --timestamp, --options, runtime, --prefix, ST_DFG2D_ARM, /var/folders/v7/06pp2_5d6gz9593k96n2z0v40000gn/T/jdk.jpackage8264959517592888307/images/image-10714515757680011645/DataflowGeometry2D.app/Contents/runtime/Contents/Home/lib/libnet.dylib] exited with 1 code I tried this guess: codesign --sign "Pierre Bierre (SL7L4YU8GT)" --force --options runtime --verbose --timestamp ~/DFG2D_MacOS_Manufacturing/MacOSInstallers/DFG2D_Mac_J17010_295 The response was: error: The specified item could not be found in the keychain. Note, I use the thumprint for authenticaion on my M2. Could that be the problem? On my intel-Mac, signing from the "jpackage" script WORKS , and it always begins by prompting me to enter my local MacOS password. I need help to get past the signer , before I can tell if a -- force will solve the issue

I tried shutting OFF the TouchID for autofilling passwords. No better. It still can't find my keychain credentials.

p.s. the command security find-certificate -a -p Finds all my certificates in the Keychain on the M2 rig

OK, I the private keys that go with the Developer ID and Installer Certificates were missing on the M2's Keychain. So, I next tried to Export my good-signing Cert+Identity into a .p12 file, but that option was grayed out in the Export dialog. Will start a new thread on that problem.

Quinn, on my sw manufacturing iMac(intel), I'm able to sign my .dmg installers. That said, when I attempt to port the signing environment over to my M2, I'm thwarted in creating the .p12 file. This Export option is grayed out. What could be causing that?

This problem was correctly diagnosed as: The private keys were missing in Keychain Access.

When I initially obtained my Developer ID Application and Developer ID Installer Certificates, they were put in the "Certificates" under the System Keychain. I don't remember choosing this storage location. The associated private keys were stored in Keys / login. And since "codesign" was happy with finding my credentials stored this way, but you're saying to Export them they needed to go in MyCertificates, this raises the 2 questions: How do I move my Developer ID Certificates into MyCertificates? How was it decided to install them in the wrong place?

The recipe to transfer the Developer ID Certs --> MyCertificates isn't perfect....it did allow me to copy the Certs into login / MyCertificates, but if I then try to delete the Developer ID Certs associated with System / Certificates, the delete command deletes BOTH copies of the Cert, leaving me with nothing. The good news is that codesign accepts the Certs I transferred by .p12 file Export / Import onto my M2 computer (which was the higher-level problem). It only gives a warning about finding multiple copies of the same cert. I chose NOT to accept the answer because it leaves the codesign with this warning.

My latest process is still failing Notarization, saying 10 .dylib files (located in the jog amp MacosX Universal Binaries folder) are unsigned. My process: Unarchive jogamp-fat.jar (command line too "jar xf") codesign --timestamp all 10 .dylib files confirm all signed reJar the jog amp-fat.jar codesign the jar, and confirm signed add signed jar back into Eclipse Java project as an external library Export app jar use jpackage tool to sign app jar , build .dmg, and sign that test run install and launch submit .dmg to Notarization Will try to email the .dmg to Quinn

Link to DropBox where I put the .dmg installer that won't pass Notarization even after signing the errant binaries:https://www.dropbox.com/scl/fi/axj79k0jzwwzwxjimgpg4/DataflowGeometry2D-1.0.313.dmg.cpgz?rlkey=zsan46qo6gdjk6y4dy1utgay6&st=uo9ujuo8&dl=0

I have a valid Developer ID certificate and key. When I codesign, I'm prompted to enter my system pw. codesign gives absolutely ZERO feedback that it isn't using the Developer ID I reference in the codesign command line. It just says it's signed in response to --verify. You haven't told me anything specifically actionable, like how would I verify during code signing that it's using my Developer ID vs. adhoc. Is there a way to tell, short of the long, exasperating feedback loop leading to Notarization testing?

Would you agree to a screen-sharing session to help resolve this?

POSSIBLE CLUE: This feedback from: codesign --display --verbose=2 indicates a valid Developer ID signature is attached, (not an adhoc signature) pierrebierre@Pierres-iMac ~ % codesign --display --verbose=2 ~/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib Executable=/Users/pierrebierre/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib Identifier=libnewt_head Format=Mach-O universal (x86_64 arm64) CodeDirectory v=20400 size=912 flags=0x0(none) hashes=23+2 location=embedded Signature size=9047 Authority=Developer ID Application: Pierre Bierre (SL7L4YU8GT) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Aug 4, 2025 at 11:36:17 AM Info.plist=not bound TeamIdentifier=SL7L4YU8GT Sealed Resources=none Internal requirements count=1 size=172 The codesign --verify --verbose command gives: pierrebierre@Pierres-iMac ~ % codesign --verify --verbose ~/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib /Users/pierrebierre/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib: valid on disk /Users/pierrebierre/DFG2D_MacOS_Manufacturing/JogAmpSignedJar/jogamp-fat/natives/macosx-universal/libnewt_head.dylib: satisfies its Designated Requirement Is this not the feedback indicating I (a valid Apple Developer) have signed my code? What possibly could explain why Notarization is calling out this file as unsigned?

I just found some evidence that Eclipse is linking in the unsigned "jogamdp-fat" jar. I can tell because I noted the file size increase after code signing, and the one being linked in the smaller file.

WOOHOO!!!!! It's been 3 months trying to crack this, going back to a problem that occurred when originally installing my Developer ID Certificates into KeyChainAccess. Thank you for your help. Successfully uploaded file id: e7b2c2a0-24e4-48e3-8c0e-baa7b5a33f07 path: /Users/pierrebierre/DFG2D_MacOS_Manufacturing/MacOSInstallers/DFG2D_Mac_J1602_x86/DataflowGeometry2D-1.0.313.dmg Waiting for processing to complete. Current status: Accepted..................... Processing complete id: e7b2c2a0-24e4-48e3-8c0e-baa7b5a33f07 status: Accepted