Notarisation of jar files

Hi.
I'm working in a product that install different components in the Mac device. Since beginning of this year We are working in the notarisation of the Applications and installers.
I'm submitting this post to understand if it is necessary to notarise jar files: for some uses cases the application downloads jars from the backend and then runs it on the Mac device using the Java Virtual Machine installed on it. At this point my understanding is that there is no need to notarise the downloaded jar files to be able to run on Mac devices (and there will no be a problem related with notarisation in the future). There are several posts explaining how to notarise Java Apps but out use case is different. Also the jar files can not be notarised.
Can you confirm that there is no need to notarise the jar files to run on Mac Devices. If the answer is yes, how these jars should be notarised?
Regards

is [it] necessary to notarise jar files

That depends on whether the jar file contains native code or not. If it does, you must notarise it.

The key thing to note here is that the trusted execution subsystem will not execute native code unless it’s covered by a notarisation ticket [1]. If the jar archive contains native code that hasn’t been notarised, the system will refuse to load that code. Clearly that’s not going to end well.

The notary service will find native code within a jar archive so notarising one isn’t hard, you just have to make sure that the native code is signed properly. That may involve unpacking, re-signing, and then repacking the jar archive.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

[1] Currently this only applies to quarantined code but it’s not hard to imagine that changing in the future.
Notarisation of jar files
 
 
Q