Signing a JavaFX Maven project for MacOS’ Guardkeeper

When creating a JavaFX application for MacOS as an “.app” file it is important to sign it correctly. If it isn’t signed correctly, the message “YourApp can’t be opened because it is from an unidentified developer.” will appear when a user tries to start the downloaded “.app” file: To fix this one can use the … Continue reading “Signing a JavaFX Maven project for MacOS’ Guardkeeper”

When creating a JavaFX application for MacOS as an “.app” file it is important to sign it correctly. If it isn’t signed correctly, the message “YourApp can’t be opened because it is from an unidentified developer.” will appear when a user tries to start the downloaded “.app” file:

To fix this one can use the javafx-maven-plugin. When using it you just have to add some information about your configuration to your pom.xml file. You can find further information on the project’s website but here is an example:

<plugin>
    <groupId>com.zenjava</groupId>
    <artifactId>javafx-maven-plugin</artifactId>
    <version>8.7.0</version>
    <configuration>
        <vendor>YourCompany</vendor>
        <updateExistingJar>true</updateExistingJar>
        <mainClass>YourMainClass</mainClass>
        <appName>YourAppName</appName>
        <verbose>true</verbose>
        <jvmArgs>
            <argument>-Djava.library.path=. -Xms168m -Xmx1024m -XX:+UseG1GC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=30</argument>
        </jvmArgs>
        <bundleArguments>
            <mac.signing-key-developer-id-app>ABC</mac.signing-key-developer-id-app>
            <mac.signing-key-app>ABC</mac.signing-key-app>
            <mac.signing-key-developer-id-installer>DEF</mac.signing-key-developer-id-installer>
            <mac.signing-key-pkg>GHI</mac.signing-key-pkg>
        </bundleArguments>
        <additionalAppResources>libs</additionalAppResources>
    </configuration>
    <executions>
        <execution>
            <id>create-jfxjar</id>
            <phase>package</phase>
            <goals>
                <goal>build-jar</goal>
            </goals>
        </execution>
    </executions>
</plugin>

The important part is in the bundleArguments section. There you can define some parameters for the javapackager, which creates the native application. Depending on if you would like to distribute your application directly or via the Mac AppStore you have to enter different keys here. You can either enter the key’s name or its SHA-1 number (without spaces). Both can be found in the “Keychain Access” program.

After you have finished creating your “.app” file you can check if Guardkeeper will accept it:

# spctl -a -vvvv YourApplication.app

YourApplication.app: accepted
source=Developer ID
origin=Developer ID Application: YourName (YourID)

If it says “accepted” then it should work.