Hi, There are multiple stages in the notarization process - Sign native libraries and executables with hardened runtime and entitlements. (platform team does this nothing to be done from end user side unless you have a native library)
- Create eclipse app you can use tycho-p2-director-plugin (See https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml#n49)
- Sign eclipse app with hardened runtime and entitlements you can use mac signer plugin (see https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml#n108). Probably you missed this step
- Create signed dmg you can use eclipse-dmg-packager (see https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml#n127)
- Then notarize your application.
From the message I suspect you may be missing step 3. In step 3 we specify explicit signer url. Please use that other wise you will not have secure timestamp ot hardened runtime enabled Hope this helps Sravan From: Dirk Fauth <dirk.fauth@xxxxxxxxx>
Sent: 20 May 2020 20:02
To: Common-build Developers discussion <cbi-dev@xxxxxxxxxxx>
Subject: [EXTERNAL] Re: [cbi-dev] MacOS notarization Hi, thanks for the hint. It seems that really the issue was that I tried to trigger to notarization from the download area. Moving it to the Jenkins area works. But now I get errors from the notarization service. The signature does not include a secure timestamp. The executable does not have the hardened runtime enabled. The binary is not signed. I have added the following to the pom.xml of the product project. <plugin>
<groupId>org.eclipse.cbi.maven.plugins</groupId>
<artifactId>eclipse-dmg-packager</artifactId>
<version>${cbi-version}</version>
<executions>
<execution>
<goals>
<goal>package-dmg</goal>
</goals>
<phase>integration-test</phase>
<configuration>
<source>${project.build.directory}/products/org.eclipse.nebula.widgets.nattable.examples.e4.product-macosx.cocoa.x86_64.tar.gz</source>
<continueOnFail>true</continueOnFail>
<timeoutMillis>600000</timeoutMillis> <!-- 10 min -->
<continueOnFail>${macSigner.forceContinue}</continueOnFail>
<sign>true</sign>
</configuration>
</execution>
</executions>
</plugin> The cbi-version is 1.1.8-SNAPSHOT. Any idea why the created dmg file seems to be incorrect? What is your complete curl command? Are you using curl file:/// ? On 2020-05-19 1:40 p.m., Dirk Fauth wrote: Hi, I am trying to get the signing and notarization working for MacOS for the NatTable Example application. I tried to adapt the shell script from platform and Oomph, but it seems my knowledge of curl etc. are not good enough. I always get the following error: curl: (26) couldn't open file "org.eclipse.nebula.widgets.nattable.examples.e4.product-macosx.cocoa.x86_64.dmg" Although I think I am in the right directory and things should work. I really don't understand what is going wrong. It would be great if someone could lend me an hand on solving this problem. As Mikael already asked me to do, I will also write some hints in the wiki about the notarization etc. to help others in the future. But to do so it should work at least. Probably I am only missing some simple thing, but I really don't see what. _______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
-- Denis Roy Director, IT Services | Eclipse Foundation, Inc. Eclipse Foundation: The Platform for Open Innovation and Collaboration Twitter: @droy_eclipse _______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
|
