Hardened runtime for Java and Mojave

Question

I currently distribute a Java application, packaged and signed using pkgbuild on macOS.

Recently, Apple warns developers:

\"In an upcoming rel

Answer 1

In addition to tresf's answer above, if your app is sandboxed (and possibly even if not) then the hardened runtime will fail when the JVM is loaded. To work around that you'll need to add some keys to your entitlements when signing. The necessary entitlement entries are below, copied from TAO ZHOU's solution here: https://github.com/TheInfiniteKind/appbundler/issues/39

com.apple.security.cs.allow-jit

com.apple.security.cs.allow-unsigned-executable-memory

com.apple.security.cs.disable-executable-page-protection

com.apple.security.cs.disable-library-validation

com.apple.security.cs.allow-dyld-environment-variables