B4J Tutorial MacSigner - Building notarized Mac packages

Screen Shot 2021-05-19 at 11.55.28.png


It is mostly impossible to run non-notarized and unsigned apps on new versions of Mac.
MacSigner tool will help you with the various steps required to convert the app jar to a notarized and signed app package.

Requirements
  1. Mac computer.
  2. Apple developer account ($99 per year).
Java

The java SDK is made of three components: Java JDK, JavaFX libs and JavaFX jmods.
Java JDK 14.0.2: https://download.java.net/java/GA/j...c647/12/GPL/openjdk-14.0.2_osx-x64_bin.tar.gz
JavaFX libs: https://gluonhq.com/download/javafx-16-sdk-mac/
JavaFX jmods: https://gluonhq.com/download/javafx-16-jmods-mac/

You need to download the three components to a folder:

1621493668902.png

And unpack the files:

1621493855652.png

Don't rename the folders.


Mac signer

Download and unzip MacSigner to your Mac: www.b4x.com/b4j/MacSigner.zip

Signing key

In most cases you should use a single signing key for all your app. Steps to create the signing key:
  1. Run MacSigner. Set the path to Java 14 bin folder: jdk-14.02.jdk/Contents/Home/bin
  2. Set the path to the keys folder.
  3. Click on Create Key. You can leave the default values.
  4. It will create various files in the keys folder, including a file named certSigningRequest.csr.
  5. It is a good time to save the MacSigner settings (File - Save).
  6. Go to: https://developer.apple.com/account/resources/certificates/list
    Create a new certificate. Set its type to Developer ID Application. Don't confuse it with other similar types.
    Upload certSigningRequest.csr when requested to upload a certificate signing request file.
  7. Download developerID_application.cer and put it in the keys folder:

    1621419523878.png

    All these files go together. A certificate created with a different csr file will not work.
Steps from a jar to an app package

Link
- the good old B4JPackager11 which is embedded inside MacSigner. Links the app jar with a Java runtime. Creates a standalone package.
Package - Uses Java jPackage tool to convert the standalone package to a Mac app package with a native launcher. The files in the package are signed during this step. It also creates a zip file of the package.
Notarize - Uploads the zip file to Apple server for automatic tests. This step can take several minutes to complete. This step ends when the file was uploaded to Apple. It can take another several minutes for Apple to process the file. An email will be sent after the file was processed.
Request Info (optional) - Checks the status of a submitted app.
Staple - After the app was notarized successfully, the staple step marks the app package as notarized.

More details

Link


Copy the compiled jar to the Mac. If you have used #PackagerProperty (or it was added by a b4xlib) then you should also copy packager.json, which is generated when you choose Project - Build standalone package:

1621429436536.png


No need to copy the json file if not using #PackagerProperty.
If completed successfully, you will see a line similar to:
You can check the linked package: /Users/ereluziel/Downloads/tempjars/temp/build/run.command
Worth running run.command to see that the package works as expected.

Package

Set the app name. You can also put an icon file at the same folder as the jar file. The icon extension should be icns. You can use this tool to create the icon: https://cloudconvert.com/png-to-icns
As before, the output path will be logged. Worth double clicking on the app file. It should work.

Notarize

Set your Apple's username and password and provider id (click on List Providers to find it). The password must be an app specific password: https://appleid.apple.com/account/manage - Security - App Specific Passwords
After the zip file is uploaded, you will see something like:
No errors uploading '/Users/ereluziel/Downloads/tempjars/package/MacSigner.zip'.
RequestUUID = 5d17a894-0389-4737-a898-cec4a90f0d50

You can check the request status using the request uuid. You will also receive an email when the check completes.

Staple

If the app was notarized properly then you should click on Staple to mark the app package. It will also delete the previous zip file and create a new one.

You can now distribute it 👍

Tips

Updates

  • 1.02 - Switched from altool to notarytool as required by Apple. Note that you must fill the provider field.
  • 1.01 - Adds an option to set the provider. It is relevant when there are several teams related to the Apple account.
    There is a new List Providers button. Click on it. Find the provider short name and put it in the field. If there is a single provider then you can leave it empty.
  • 0.95 - fixes issue with Java.
 
Last edited:

aeric

Expert
Licensed User
Longtime User
Link - the good old B4JPackager11 which is embedded inside MacSigner. Links the app jar with a Java runtime. Creates a standalone package.
I don't get it.
B4JPackager11 is embeded inside MacSigner?
Link the app with a Java runtime. Which version to download?
Create a standalone package, From B4J ide?
 

hatzisn

Expert
Licensed User
Longtime User
I don't get it.
B4JPackager11 is embeded inside MacSigner?
Link the app with a Java runtime. Which version to download?
Create a standalone package, From B4J ide?
Compile the B4J app in Windows and upload the .jar file in mac. The packager is included in the MacSigner. Just follow the tutorial and click on the buttons from top to bottom.
 

drponciano

Member
Licensed User
Longtime User
Have a program working well in windows and Mac. After creating a package with MacSigner, running run.command I get:

main._process_globals (java line: -1)
java.lang.NoClassDefFoundError: javafx/scene/web/WebView
at b4j/GrupoLAB.com.main._process_globals(Unknown Source)
at b4j/GrupoLAB.com.main.initializeProcessGlobals(Unknown Source
at b4j/GrupoLAB.com.main.start(Unknown Source)
at javafx.graphics/com.sun.javafx.application.LauncherImpl.lambda$launch
...
Any idea what may be wrong?
 

yo3ggx

Active Member
Licensed User
Longtime User
Using the packaged MacSigner on an arm based Mac (M1, M2, etc.) following the procedure from the first post, generates an x64 version of the application. Trying to build a native aarch64 version, using aarch64 versions of openjdk and JavaFX, even "Link" is successful (without errors), generates a non functional application, which is somehow expected.
I try to build the jar file for MaxSigner using the source code and to launch it from the command line on my Mac Mini M2, using aarch64 java and javafx, but I get an error.
B4X:
b4xpagesmanager._createpageifneeded (java line: 310)
java.lang.RuntimeException: java.lang.RuntimeException: java.lang.IllegalAccessException: class anywheresoftware.b4j.object.JavaObject cannot access class com.sun.javafx.collections.VetoableListDecorator (in module javafx.base) because module javafx.base does not export com.sun.javafx.collections to unnamed module @2dea241d
    at anywheresoftware.b4a.keywords.Common.CallSub4(Common.java:523)
    at anywheresoftware.b4a.keywords.Common.CallSubNew2(Common.java:469)
    at b4j.macsigner.b4xpagesmanager._createpageifneeded(b4xpagesmanager.java:310)
    at b4j.macsigner.b4xpagesmanager._showpage(b4xpagesmanager.java:725)
    at b4j.macsigner.b4xpagesmanager._addpage(b4xpagesmanager.java:116)
    at b4j.macsigner.b4xpagesmanager._addpageandcreate(b4xpagesmanager.java:123)
    at b4j.macsigner.b4xpagesmanager._initialize(b4xpagesmanager.java:494)
    at b4j.macsigner.main._appstart(main.java:61)
    at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
    at java.base/java.lang.reflect.Method.invoke(Method.java:578)
    at anywheresoftware.b4a.BA.raiseEvent2(BA.java:111)
    at anywheresoftware.b4a.BA.raiseEvent(BA.java:98)
    at b4j.macsigner.main.start(main.java:37)
    at [email protected]/com.sun.javafx.application.LauncherImpl.lambda$launchApplication1$9(LauncherImpl.java:847)
    at [email protected]/com.sun.javafx.application.PlatformImpl.lambda$runAndWait$12(PlatformImpl.java:484)
    at [email protected]/com.sun.javafx.application.PlatformImpl.lambda$runLater$10(PlatformImpl.java:457)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
    at [email protected]/com.sun.javafx.application.PlatformImpl.lambda$runLater$11(PlatformImpl.java:456)
    at [email protected]/com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:96)

I start MacSigner with the following command:
B4X:
jdk-14.0.2.jdk/Contents/Home/bin/java --module-path javafx-sdk-16/lib  --add-modules javafx.controls,javafx.swing,javafx.base -jar  MacSigner.jar

Did anyone succeed to build an aarch64 version of MacSigner?
 

MarcoRome

Expert
Licensed User
Longtime User
Hi @Erel
I tried the Rel.1.02.
But I have the following problem, after doing all the steps, the moment I click on "Notarize", the command is executed successfully (as you can see from the attached picture).

1686852601459.png



But unlike before I don't get any email from Apple.

If after a few minutes i enter the "SubMission ID received" in the "Notarization request identifier" field and try to click "Staple" the package is successfully created.

1686852731425.png



I try to run the same, the activity is displayed correctly but the data from the DB are not read.
Which instead does not happen if I use Macsigner 1.01.
Where am I wrong?
Is it normal to no longer receive Apple's email?
Thank you
Marco
 

hatzisn

Expert
Licensed User
Longtime User
What about https:// ? Where are you from? I just downloaded in Windows 10 with no problem. Maybe a geolocation restriction? Or just MacOS security strict restriction for http?
 
Top