Mac app store signing is a bit more cranky. The line Jeff gives is fine for Gatekeeper.
Here's what we do (in order) for the app store bundler coming in 8u20 - http://hg.openjdk.java.net/openjfx/8u-dev/rt/file/eee373287ad8/modules/fxpackager/src/main/java/com/oracle/bundlers/mac/MacAppStoreBundler.java First, we sign all the dylibs and jars in the .app bundle. We search recursively. Second, we sign all contained executables in the .app. There are at least two for packager: the launcher we provide and a file "jspawnhelper" that the jdk uses for Runtime.exec. Third, we sign everything in Contents/PlugIns and Contents/Frameworks. Frameworks is usually empty but it's there for completeness. Finally we can actually sign the app itself. All of these signatures can be done with your 3rd party signing key (3rd Party Mac Developer Application: <your name>). Did I say finally? Silly me. We're not done. Now we package it all up with the `productbuild` tool, and pass in the installer key to the --sign argument (3rd Party Mac Developer Installer: <your name>). One last hurdle, you need to remove the media library for JavaFX (lib/libjfxmedia.dylib) from your bundled JDK. It uses QuickTime and that is being disowned by apple. This may be fixed in a later 8u update, but not in 8.0.0_b132. With all of this I've been able to get past the static analysis guards Apple has set up for their app store submission. --Danno ----- Original Message ----- From: j...@reportmill.com To: adanec...@yahoo.com Cc: openjfx-dev@openjdk.java.net Sent: Monday, March 24, 2014 9:38:05 AM GMT -08:00 US/Canada Pacific Subject: Re: Using JavaFX deploy and having signing issues... I do this with my app, which works (though I don't submit it to the Mac App Store): codesign -s "Developer ID Application" RMStudio14.app jeff On Mar 24, 2014, at 11:26 AM, Tony Anecito <adanec...@yahoo.com> wrote: > Does anyone know how to codesign the jdk in the bundle created by JavaFX > deploy ant task properly? > I tried: > codesign -f -s "3rd Party Mac Developer Application: <Cert Name>" > name.app/Contents/Plugins/jdk1.8.0.jdk > > I get the error: name.app/Contents/Plugins/jdk1.8.0.jdk bundle format > unrecognized, invalid, or unsuitable > > I am wondering what was done with Ensemble to get past this issue. > > Thanks, > -Tony > > > > On Sunday, March 23, 2014 4:52 PM, Tony Anecito <adanec...@yahoo.com> wrote: > > Hi, > > I am using JavaFX deploy ant task and having issue trying to sign because of > jre embeded for Apple Store bundling. It is the last issue I have to fix then > I can finish my Apple Store submission. > > Apparently even the jdk for the bundle has to be signed. To do that I had to > redo permissions of jars and dylib files so the signing process would not > error. > > My jars for my own app jars are code signed already. I am using the Apple > find and codesign together so the jdk jre jars and dylib files get signed by > codesign. > > Still I get error when submitting final pkg (with its own signing > requirements) about invalid signature saying app not signed. > > I also discovered the JavaFX deploy lowercases my bundle id so it did not > match bundle id registered with iconnect. I fixed the pinfo file so it > matched. > > I would really like to see how this is all done with the ensemble app from > the JavaFX group. > > Regards, > -Tony
