Anyone know if I need to codesign the Java jar files included with a native build of JavaFX app when building for a Mac running Gatekeeper?Yes.
There is a guide to Mac codesigning from Oracle here:
There is a discussion on the Oracle Java Deployment Blog on packaging apps with a Gatekeeper:
There is a 3rd party guide for taking a Java app (based upon openjdk) to the Mac App Store:
I believe a forthcoming update will allow you to deploy your JavaFX apps to the Mac App Store as was done here for the Ensemble sample app:
is it even valid for ME to codesign Java jar files that i didn't build?Yes.
Check that the jar doesn't do anything bad so that your reputation is not tarnished or your code signing certificate revoked.
Also check the license of the code that you are signing (disclaimer that I am not a lawyer etc.).
If it's a BSD/MIT style license, then I don't think you will have any other issue.
For other license types GPL/Apache/Proprietary etc, ensure that you are complying with the redistribution clauses implied by those licenses.
The license compliance is likely an orthogonal consideration to the actual code signing.
If you are distributing your code through a store (e.g. mac app store), you also need to conform to the store's terms and conditions.
Any jar from the public maven repository will likely be perfectly fine for redistribution with your app as long as you comply with the code's license.
I get a lot msg like this afterthe app itself is signed but while signing the JVM jars:
codesign_allocate: object: /Users/user/NetBeansProjects/evidentia/dist/bundles/Evidentia.app/Contents/PlugIns/jdk1.7.0_21.jdk/Contents/Home/jre/lib/headless/libmawt.dylib malformed object (unknown load command 17) Evidentia.app/Contents//PlugIns/jdk1.7.0_21.jdk/Contents/Home/jre/lib/headless/libmawt.dylib: object file format unrecognized, invalid, or unsuitable
Oh, I thought from your question that you were just signing your application jar files, not the Oracle jvm.
The current Oracle binary code license agreement may not allow that anyway, you can check it:
I don't know the fix for your specific message "object file format unrecognized, invalid, or unsuitable".
I haven't got a mac codesign certificate to try to replicate or troubleshoot your issue.
I'd advise waiting for:
a) All JavaFX to be opensourced so that you can produce a signed build based upon openjdk rather than oracle jdk (similar to the method employed in the intransitione blog I linked earlier)
b) Oracle to release a version of JavaFX which is able to be out of the box packaged as a self-contained application deployable to the Mac app store by just using executions of the standard Java deployment packager tool or a 3rd party tool such as zonski's maven plugin or shemnons gradle plugin.
I do think that the Oracle team eventually intend to offer this kind of capability or at least support this kind of distribution. You could post to the openjfx-dev mailing list to get some kind of eta on when either of the above may be available and also some additional pointers for your packaging task.
Synopsis: Packager for Mac OS generates invalid ICNS icon.
After an application is packaged with the native Mac OS packager, the
.appbundle contains an invalid ICNS icon. When developers try to submit this application to Mac App Store, the Application Loader fails with the error reporting about an invalid ICNS icon.
To overcome the issue, perform the following steps:
- Change dir into generated bundles directory (
./dist/bundles). There you can find
- Write entitlements for your application. All programs, delivered by Mac App Store, are started within sandbox, so you have to describe needs of your application in some specific format, described on Apple official sites: some template you can find here. Let this file be named MyApp.entitlements.
- For some packager bug, we had to remake icon in
$ cd ./dist/bundles/MyApp.app/Resources
$ iconutil -c iconset MyApp.icns
$ rm -f MyApp.icns
$ iconutil -c icns MyApp.iconset
$ rm -rf MyApp.iconset $ cd ../../../../
- Sign your
codesign -f -s "3rd Party Mac Developer Application: <Your name>" --entitlements MyApp.entitlements MyApp.app.
- Sign all sub-libraries and jars:
find MyApp.app -name "*.jar" -or -name "*.dylib" | xargs codesign -f -s "3rd Party Mac Developer Application: <Your name>" --entitlements MyApp.entitlements.
- Build signed .pkg:
$ productbuild --component MyApp.app /Applications --sign "3rd Party Mac Developer Installer: <Your name>" --product MyApp.app/Contents/Info.plist MyApp.pkg
Don't be confused by different certificated: there must be at least two certificates: Application certificate and Submission/Installer certificates.
For more information see, JavaFX issue RT-31417.
Apparently for the December 2.2.60 release, Oracle plan to implement:
In the meantime, try with the above information, and, if you can't get it working, actively ping the Oracle developers at openjfx-dev for more info.
Best of luck with your app!
- Change dir into generated bundles directory (