[Solved] MacOs. Unable to retrieve the master password while adding CDO Repository. [message #1805463] |
Mon, 15 April 2019 15:41 |
Simon Kuzin Messages: 18 Registered: February 2019 Location: Singapore |
Junior Member |
|
|
Dear all,
would like to share my findings on solving issues of secure storage issues on MacOS.
It might be a trivial thing for you, however i was not able to find direct description of the issue nor in forums nor in bugzilla and had to spent a day of tracing secure storage and macos keyring adapter code to find a solution.
Environment:
MacOS Mojave.
CDO server with authentication enabled.
Scenario:
Add new CDO Repository in "CDO Repositories" view.
Fill all parameters. Click Finish.
While adding new CDO repository , Papyrus displays "Not Authenticated" error message box or message box with error icon and no text.
In error log there is following message:
Secure storage was unable to retrieve the master password from the OS keyring. Make sure that this application has access to the OS keyring. If the error persists, the password recovery feature could be used, or secure storage can be deleted and re-created.
Root Cause:
I found that code signature on papyrus executable is invalid, so macos was denying access to keyring.
Solution:
1. Close Papyrus and all instances of Eclipse based apps.
2. Verify Papyrus code signature
$ codesign -v /Applications/Papyrus.app/Contents/MacOS/papyrus
3. Verification is expected to fail. If not - you do have a different issue :)
4. Papyrus creates some crash logs Papyrus.app/Contents/MacOS/ directory. This drives MacOs crazy :) Remove all files , except "papyrus" from /Applications/Papyrus.app/Contents/MacOS/ directory
5. Re-sign papyrus
$ codesign -f -s - /Applications/Papyrus.app/Contents/MacOS/papyrus
6. Delete ~/.eclipse/org.eclipse.equinox.security/secure_storage file. Even if by chance it has some data successfully encrypted with osxkeystoreintegration, by this moment they already invalid.
7. Start Papyrus. Now adding CDO connections should work fine.
The same solution should be effective for any other eclipse based application and any other case of data stored in encrypted way in secure storage.
Hope it will save someones time.
[Updated on: Mon, 15 April 2019 15:45] Report message to a moderator
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.04106 seconds