Hi,
thanks for the hint. It seems that really the issue was that I tried to trigger to notarization from the download area. Moving it to the Jenkins area works. But now I get errors from the notarization service.
The signature does not include a secure timestamp.
The executable does not have the hardened runtime enabled.
The binary is not signed.
I have added the following to the pom.xml of the product project.
<plugin>
<groupId>org.eclipse.cbi.maven.plugins</groupId>
<artifactId>eclipse-dmg-packager</artifactId>
<version>${cbi-version}</version>
<executions>
<execution>
<goals>
<goal>package-dmg</goal>
</goals>
<phase>integration-test</phase>
<configuration>
<source>${project.build.directory}/products/org.eclipse.nebula.widgets.nattable.examples.e4.product-macosx.cocoa.x86_64.tar.gz</source>
<continueOnFail>true</continueOnFail>
<timeoutMillis>600000</timeoutMillis> <!-- 10 min -->
<continueOnFail>${macSigner.forceContinue}</continueOnFail>
<sign>true</sign>
</configuration>
</execution>
</executions>
</plugin>
The cbi-version is 1.1.8-SNAPSHOT. Any idea why the created dmg file seems to be incorrect?