Create Dmg File Mac For Java App

Aug 13, 2018 All you really need to do is double-click the DMG file to open it and mount it to your Mac. The DMG mounts in two places: on your desktop and in the Finder sidebar under your hard drive. Clicking either one of these opens the DMG file. When you open a DMG file, you’ll usually see two things: the app and a link to your applications folder. How to create a dmg file for a.app for mac.? It's a subjective issue, but.dmg's are a good and popular way to distribute the apps - user double-clicks, drags app, ejects just as they would a USB stick, done. You can get apps to help you build them, but its not too Hard with Disk Utility, you just need to mess around a little to make it look nice.

June 10, 2020

One of the main global trends in IT is the safety of users and preventing the spread of malicious programs, but at the same time, it greatly complicates the life of developers. There are different approaches to solving the issue associated with software security. The most common is the use of an antivirus tool by scanning a computer for malware. A complementary approach was taken by Apple, which introduced the Gatekeeper software to force code signing and check downloaded applications before allowing them to run.

The trend is moving towards deanonymization, the violation of anonymity when customers of compromised software have their personal data leaked. The need for notarization arises as a counter to this negative trend by giving users the confidence that a software package was created by an identified developer and checked for malware.

Regarding security, an example is Windows Defender, which applies a signing code for verifying the compliance of a program to security requirements.

Websites use SSL (Security Sockets Layer) certificates for the purpose of ensuring privacy, authentication, and data integrity in online communications. Apple, on the other hand, introduced notarization infrastructure.

Regardless of who is notarizing software, the fact remains that it is an essential, albeit burdensome element of software development imposed by Apple as a requirement now. But there are ways to simplify and even ameliorate the process of notarization for applications in Java and JavaFX that are provided by distributors like Liberica JDK, thus making it a routine procedure, rather than an unpleasant allocation of time and resources.The main advantage of resorting to Liberica JDK is ensuring that applications bundled with the runtime as a single package will be able to pass the notarization procedure smoother and with greater ease.

What is notarization? Why is it necessary?

Notarization gives users more confidence that the Developer ID-signed software being distributed has been checked by Apple for malicious components.Notarization is not an App Review service, as the Apple notary service is an automated system that scans software for malicious content, checks for code-signing issues, and returns the results to the user quickly. If there are no issues, the notary service generates a ticket for the user to staple to their software. The notary service also publishes that ticket online where Gatekeeper can find it.When the user first installs or runs any new software, the presence of a ticket, either online or attached to the executable file, tells Gatekeeper that Apple notarized the software. Gatekeeper then places descriptive information in the initial launch dialog to help the user make an informed choice about whether to launch the app. Now, since the procedure has become mandatory beginning with MacOS Catalina 10.15, it is impossible to launch a non-notarized application.

Liberica JDK is a notarized product. What will that give its customers and users?

Liberica JDK is an alternative to Java and acts as the basis for application development and launching Java SE applications.As an officially recognized and certified application, Liberica JDK has gone through all the steps of notarization and provides full notarization compliance of its software.Liberica JDK binaries have already been notarized for a year since last summer. OpenJDK notarization is not an obvious process and requires a deep signing of all binaries and modules. And Liberica successfully passed the notarization procedure.In order to create an application and have it notarized, users need to refer to already notarized software. This is why using Liberica JDK is one of the easiest and most straightforward means of developing applications that will be recognized and notarized by the Apple notary service. By referring to the notarized Liberica JDK package as an alternative to Java, application developers will be able to receive a shortcut in having their software verified in the future. It is quite easy with Liberica JDK having a special build that facilitates the delivery of app bundles.

The Javapackager element

An important element of the application notarization procedure and an integral part of the Liberica JDK package.The Java Packager tool already comes with the JDK and allows packaging Java applications from the command line, thus being an alternative to other third-party tools. It is important to note that the Java Packager does not automatically produce a Jar file. Many other packager formats are available, including native executable ones tailored for various platforms.Liberica JDK’s Javapackager is ultimately applied during the build process, to create applications that would get easily notarized. Alternatively, it may be used as a standalone tool.

The javapackager tool gives us several options:

File
  • Create a macOS application image (for testing purposes)
  • Create a notarized DMG image (suitable for distribution to end users)
  • Create a notarized PKG installer (suitable for distribution to end users)

In this article, we will demonstrate how to perform all three operations.

What if you need to notarize your Java or JavaFX application? A guide

When new software is being developed and notarized, the developer will have to pass several stages for having their software comply with the requirements set by Apple. The procedure applies to all applications written in Java/JavaFX or the Liberica suite.

If you want to make an app using Liberica JDK and Java Packager, you should walk through several stages: create a jar file containing your application, generate a bundle and notarize it.

For the notarization to be successful, it is necessary to get a special build of Liberica JDK 8u252 for MacOS, which allows creating a signed application that will be notarized. In this example, it is called bellsoft-jdk8u252+9-macos-amd64-full-nosign.zip. We use a special unsigned Liberica JDK 8u252 because the javapackager cannot re-sign already signed JDK files.

Extract the unsigned Liberica JDK 8u252 bundle:

Also, before creating notarized bundles, do not forget to unlock the developer key:

We will next create installer bundles and illustrate this step with the Recaf app.

Building an application JAR file

Recaf version 2.0.0 will serve as an example since it has a better architecture to work as a standalone macOS application. First, we should build a Recaf jar file, create an application bundle and notarize it. The notary service verifies the app’s content; it goes through a jar file and checks that all native libraries in an executable file are signed. So, our job here is to create a Recaf file, check if it has a native part and sign it.

Clone Recaf to your workspace:

Check out the Recaf 2 branch:

Compile and package it using the build script or with

If your build is successful, the resulting jar file will be placed in the target directory and called recaf-2.0.0-J8-jar-with-dependencies.jar.

Java Packager takes the application main class as one of its inputs. If the application’s main class name is unknown, you can easily find it out:

  1. Type in the following command to extract the manifest from the jar file:

  2. Inspect the extracted MANIFEST.MF to find the main class:

The output with the main class name for Recaf is:

Signing native libraries within the application

Without signing all native libraries within an application, it will not get notarized. If your app has no native libraries, skip this step. Otherwise, you should expect a notarization error: The Apple notary service will respond with an error message indicating the presence of an unsigned library.

Our sample application, Recaf, does contain a native library libjnidispatch.jnilib inside its jar file. This means we need to sign the native library file in Recaf’s jar for further notarization. Follow these steps:

  1. Extract the library from the jar file:

  2. Unlock the key chain:

  3. Create an entitlements file for signing the library (we will use the same entitlements as is used in Liberica JDK, see below).

  4. Sign the library:

  5. Add the signed library to Recaf`s jar file:

Now you can use the Recaf jar to create and notarize your macOS application with bundled Liberica JDK.

Creating a Mac application image with bundled Liberica JDK

App

Liberica JDK's javapackager signs the application, adds the necessary entitlements, secures timestamp and the hardened runtime while creating native macOS images.

Should you need help on the options, type in the inline help command:

Here are all the bundler parameters for Mac Application Image (mac.app):

Next step is to create a Mac native application image with the following command:

Besides, you may pass your entitlements file using the-Bmac.entitlements=<entitlements file path> option. If the entitlement file is not specified, the following entitlements are used: take the following ones:

The resulting image will be created in the res_image/bundles/Recaf.app directory.

You can ensure that your application is signed and has the necessary properties/options with the command:

It should produce the following output:

Given that application images are most suitable for testing and not typically used directly in distribution, we will now focus on creating DMG or PKG bundles tailored for end users.

Create Dmg File Mac For Java App Download

Creating a DMG bundle

Choosing between DMGs and PKGs depends on your preference. While these two are perfect for end-user distribution, they possess slightly different qualities. Some developers and vendors ship software in both formats, or go for wrapping a PKG inside a DMG. DMG is effectively a disk image the end user can click on and install an application in the same way as when inserting a CD.

Issue the following command to create a DMG image with javapackager:

The ready DMG image will be placed in ./res_dmg/bundles/Recaf-2.0.0-liber.dmg.

Then submit the newly made DMG bundle to Apple for a standard procedure and get it notarized. Apple provides a set of tools for notarizing bundles. The two important ones are altool (to interact with the notary service) and stapler (to work with notarization results and staple the bundle afterward).

Send the DMG bundle to the Apple notary service by typing in the command:

You should get the response:

At this point, you need to wait for a response from the notary service and check the notarization request status occasionally using the provided request UUID:

Please note that you will have to wait a while for the notarization status. If requested right away, instead of the status, an error will show up saying the request UUID is not found. This is what you will see when the service processes your bundle:

Mac

Once the bundle is verified, you will get the ‘success’ status, and the package becomes approved:

By following the LogFileURL link, you will get a formatted JSON response:

Now that the Apple notary service has approved the bundle and generated a special ticket, staple the bundle with the command:

The output of the ticket stapling command should look like:

Validating the DMG bundle

You can also validate your bundle separately with the command:

This should produce the following output:

If the validation is successful, you should be able to install the application!

Creating a PKG bundle

As we said before, it is required to choose either a DMG or PKG file to create at this stage. You may opt for PKG as this installer format provides sophisticated means to build an application installation experience.

The instructions for making a notarized PKG file using the javapackager are very similar to those for the DMG one.

Type in this command to generate a PKG bundle for Recaf:

Then you should notarize it by sending to the Apple notary service:

The output will look like this:

Wait a little and check the notarization results:

Please note that it may take some time for the Apple notary service to process the request.

When the notarization is complete, this command will return:

You may follow the LogFileURL link to see the notarization details for your bundle:

Having done that, staple the generated ticket to the application:

This command will produce the following output:

Validating the PKG bundle

You can check the signature in the PKG file by clicking the lock icon in the top right corner. The popped-up dialog informs of all its details.

Conclusion

Notarizing an application with the Liberica JDK package and the Javapackager is a straightforward and easy process. Remember to follow the steps thoroughly and use an unsigned copy of Liberica JDK.Just contact us if you need it, and our support team will gladly help you. The resulting application will be notarized and have the necessary credentials to comply with the requirements set by Apple.

Dmg Files Not Opening On A Mac

Useful links