jpackage should handle the case when "--mac-sign" is specified without signing identity options


    • Type: Enhancement
    • Resolution: Unresolved
    • Priority: P4
    • 26
    • Affects Version/s: 25, 26
    • Component/s: tools
    • generic
    • os_x

      If the "--mac-sign" option is specified without the "--mac-signing-key-user-name" or "--mac-app-image-sign-identity" option, jpackage will silently ignore it.

      Until JDK 25, it used to look up a signing certificate. It was never meant to work this way, but this undocumented behavior found usage [1], [2].

      We didn't know about it until we broke it with the JDK-8333664 fix.

      The JDK-8333664 fix changed one undocumented behavior into another in an incompatible way.

      We need to decide how jpackage should behave if the "--mac-sign" option is specified without the "--mac-signing-key-user-name" or "--mac-app-image-sign-identity" option.

      There are two options:

      1. Restore the way it behaved prior to the JDK-8333664 fix. It will restore backward compatibility but poses a security risk. If there is a certificate with the "Developer ID Application: " substring available and it is replaced by another one, the user of jpackage will not notice that their apps are signed with a different certificate.

      2. jpackage exits with an error explaining that "--mac-sign" requires one of the options specifying the signing identity. Such a change makes the "--mac-sign" option redundant, as it cannot be used on its own.

      [1] https://mail.openjdk.org/pipermail/core-libs-dev/2021-August/080291.html
      [2] https://mail.openjdk.org/pipermail/core-libs-dev/2025-November/154570.html
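
Whichever behavior jpackage ends up with, a build script can enforce the second option on its own side. The following is an added example, not jpackage code and not part of the original report: a POSIX shell pre-flight check that rejects a jpackage command line in which "--mac-sign" appears without an explicit identity option. The function name `check_mac_sign_args` and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight guard for a jpackage command line.
# check_mac_sign_args ARGS... returns
#   0  no --mac-sign, or --mac-sign together with an explicit identity
#   1  --mac-sign without any signing identity option
#   2  an identity option is present but its value is missing or empty
# Intended use in a build script:
#   check_mac_sign_args "$@" && jpackage "$@"
check_mac_sign_args() {
  _cms_sign=0
  _cms_identity=0
  while [ "$#" -gt 0 ]; do
    _cms_arg=$1
    shift
    case "$_cms_arg" in
      --mac-sign)
        _cms_sign=1
        ;;
      --mac-signing-key-user-name|--mac-app-image-sign-identity)
        # The next token must be a real value: present, non-empty,
        # and not the start of another long option.
        if [ "$#" -eq 0 ] || [ -z "$1" ] || [ "${1#--}" != "$1" ]; then
          echo "error: $_cms_arg requires a value" >&2
          return 2
        fi
        _cms_identity=1
        shift
        ;;
    esac
  done
  if [ "$_cms_sign" -eq 1 ] && [ "$_cms_identity" -eq 0 ]; then
    echo "error: --mac-sign requires --mac-signing-key-user-name" \
         "or --mac-app-image-sign-identity" >&2
    return 1
  fi
  return 0
}
```

The check only looks at the arguments passed to it; options read by jpackage from an argument file are not inspected.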

            Assignee: Alexey Semenyuk
            Reporter: Alexey Semenyuk