6 Replies Latest reply on Nov 2, 2013 10:29 AM by zoopraxi

    Mac Codesign Java

      Anyone know if I need to codesign the Java jar files included with a native build of JavaFX app when building for a Mac running Gatekeeper?

      is it even valid for ME to codesign Java jar files that i didn't build?
        • 1. Re: Mac Codesign Java
          Anyone know if I need to codesign the Java jar files included with a native build of JavaFX app when building for a Mac running Gatekeeper?

          There is a guide to Mac codesigning from Oracle here:

          There is a discussion on the Oracle Java Deployment Blog on packaging apps with a Gatekeeper:

          There is a 3rd party guide for taking a Java app (based upon openjdk) to the Mac App Store:

          I believe a forthcoming update will allow you to deploy your JavaFX apps to the Mac App Store as was done here for the Ensemble sample app:
          is it even valid for ME to codesign Java jar files that i didn't build?

          Check that the jar doesn't do anything bad so that your reputation is not tarnished or your code signing certificate revoked.

          Also check the license of the code that you are signing (disclaimer that I am not a lawyer etc.).
          If it's a BSD/MIT style license, then I don't think you will have any other issue.
          For other license types GPL/Apache/Proprietary etc, ensure that you are complying with the redistribution clauses implied by those licenses.
          The license compliance is likely an orthogonal consideration to the actual code signing.
          If you are distributing your code through a store (e.g. mac app store), you also need to conform to the store's terms and conditions.

          Any jar from the public maven repository will likely be perfectly fine for redistribution with your app as long as you comply with the code's license.
          • 2. Re: Mac Codesign Java
            I get a lot msg like this afterthe app itself is signed but while signing the JVM jars:
            codesign_allocate: object: /Users/user/NetBeansProjects/evidentia/dist/bundles/Evidentia.app/Contents/PlugIns/jdk1.7.0_21.jdk/Contents/Home/jre/lib/headless/libmawt.dylib malformed object (unknown load command 17)
            Evidentia.app/Contents//PlugIns/jdk1.7.0_21.jdk/Contents/Home/jre/lib/headless/libmawt.dylib: object file format unrecognized, invalid, or unsuitable
            • 3. Re: Mac Codesign Java
              Oh, I thought from your question that you were just signing your application jar files, not the Oracle jvm.
              The current Oracle binary code license agreement may not allow that anyway, you can check it:

              I don't know the fix for your specific message "object file format unrecognized, invalid, or unsuitable".
              I haven't got a mac codesign certificate to try to replicate or troubleshoot your issue.

              I'd advise waiting for:

              a) All JavaFX to be opensourced so that you can produce a signed build based upon openjdk rather than oracle jdk (similar to the method employed in the intransitione blog I linked earlier)


              b) Oracle to release a version of JavaFX which is able to be out of the box packaged as a self-contained application deployable to the Mac app store by just using executions of the standard Java deployment packager tool or a 3rd party tool such as zonski's maven plugin or shemnons gradle plugin.


              I do think that the Oracle team eventually intend to offer this kind of capability or at least support this kind of distribution. You could post to the openjfx-dev mailing list to get some kind of eta on when either of the above may be available and also some additional pointers for your packaging task.
              • 4. Re: Mac Codesign Java

                when calling

                >codesign -v  -s "Developer ID Application: ...."  ./ZP_Prototype2.app

                i got

                >./ZP_Prototype2.app: object file format unrecognized, invalid, or unsuitable


                Mac osX 10.8.5


                Still no solution for this issue?




                • 5. Re: Mac Codesign Java

                  See =>  Java™ SE Development Kit 7 Update 40 Release Notes



                  Area: Packager
                  Synopsis: Packager for Mac OS generates invalid ICNS icon.


                  After an application is packaged with the native Mac OS packager, the .app bundle contains an invalid ICNS icon. When developers try to submit this application to Mac App Store, the Application Loader fails with the error reporting about an invalid ICNS icon.



                  To overcome the issue, perform the following steps:

                  • Change dir into generated bundles directory (./dist/bundles). There you can find MyApp.app.
                  • Write entitlements for your application. All programs, delivered by Mac App Store, are started within sandbox, so you have to describe needs of your application in some specific format, described on Apple official sites: some template you can find here. Let this file be named MyApp.entitlements.
                  • For some packager bug, we had to remake icon in ./dist/bundles/MyApp.app/Resources:
                    $ cd ./dist/bundles/MyApp.app/Resources 
                    $ iconutil -c iconset MyApp.icns 
                    $ rm -f MyApp.icns 
                    $ iconutil -c icns MyApp.iconset 
                    $ rm -rf MyApp.iconset $ cd ../../../../ 
                  • Sign your .app:

                  codesign -f -s "3rd Party Mac Developer Application: <Your name>"  --entitlements MyApp.entitlements MyApp.app.

                  • Sign all sub-libraries and jars:

                  find MyApp.app -name "*.jar" -or -name "*.dylib" | xargs  codesign -f -s "3rd Party Mac Developer Application: <Your name>"  --entitlements MyApp.entitlements.

                  • Build signed .pkg:

                  $ productbuild --component MyApp.app /Applications --sign "3rd Party Mac Developer Installer: <Your name>" --product MyApp.app/Contents/Info.plist MyApp.pkg

                  Don't be confused by different certificated: there must be at least two certificates: Application certificate and Submission/Installer certificates.

                  For more information see, JavaFX issue RT-31417.


                  See also:

                    Packaging a Java App for Distribution on a Mac

                    Take your Java application to the Mac App Store.


                  Apparently for the December 2.2.60 release, Oracle plan to implement:

                    RT-24728 Update Ensemble project to demo how to produce bundle for Mac App Store

                  In the meantime, try with the above information, and, if you can't get it working, actively ping the Oracle developers at openjfx-dev for more info.


                  Best of luck with your app!

                  • 6. Re: Mac Codesign Java

                    hi all,


                    the problem was my xcode version....this fixed my problem




                    Regards Michael