I don’t have any other suggestions now. We need to wait for Mikael to return from his vacation. Thanks Sravan From: Dirk Fauth <dirk.fauth@xxxxxxxxx> Sent: 27 May 2020 11:38 To: Common-build Developers discussion <cbi-dev@xxxxxxxxxxx> Subject: [EXTERNAL] Re: [cbi-dev] MacOS notarization Hi, thanks for the hint. But it seems this is not the the cause. I had some conversation with Mikael before writing to this mailing list. And he said that actually the default signerUrl redirects to the correct service. I tested it anyhow to see if there is some issue with the default and added the signerUrl like you suggested. But I still get the same errors. After reviewing the the file https://git.eclipse.org/c/nattable/org.eclipse.nebula.widgets.nattable.git/tree/org.eclipse.nebula.widgets.nattable.examples.e4.product/pom.xml I can say you are missing signerUrl parameter to your eclipse-macsigner-plugin. See https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml#n122 on how we did it in platform Thanks Sravan Hi, There are multiple stages in the notarization process - Sign native libraries and executables with hardened runtime and entitlements. (platform team does this nothing to be done from end user side unless you have a native library)
- Create eclipse app you can use tycho-p2-director-plugin (See https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml#n49)
- Sign eclipse app with hardened runtime and entitlements you can use mac signer plugin (see https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.l#n108). Probably you missed this step
- Create signed dmg you can use eclipse-dmg-packager (see https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml#n127)
- Then notarize your application.
From the message I suspect you may be missing step 3. In step 3 we specify explicit signer url. Please use that other wise you will not have secure timestamp ot hardened runtime enabled Hope this helps Sravan From: Dirk Fauth <dirk.fauth@xxxxxxxxx> Sent: 20 May 2020 20:02 To: Common-build Developers discussion <cbi-dev@xxxxxxxxxxx> Subject: [EXTERNAL] Re: [cbi-dev] MacOS notarization Hi, thanks for the hint. It seems that really the issue was that I tried to trigger to notarization from the download area. Moving it to the Jenkins area works. But now I get errors from the notarization service. The signature does not include a secure timestamp. The executable does not have the hardened runtime enabled. The binary is not signed. I have added the following to the pom.xml of the product project. <plugin> <groupId>org.eclipse.cbi.maven.plugins</groupId> <artifactId>eclipse-dmg-packager</artifactId> <version>${cbi-version}</version> <executions> <execution> <goals> <goal>package-dmg</goal> </goals> <phase>integration-test</phase> <configuration> <source>${project.build.directory}/products/org.eclipse.nebula.widgets.nattable.examples.e4.product-macosx.cocoa.x86_64.tar.gz</source> <continueOnFail>true</continueOnFail> <timeoutMillis>600000</timeoutMillis> <!-- 10 min --> <continueOnFail>${macSigner.forceContinue}</continueOnFail> <sign>true</sign> </configuration> </execution> </executions> </plugin> The cbi-version is 1.1.8-SNAPSHOT. Any idea why the created dmg file seems to be incorrect? What is your complete curl command? Are you using curl file:/// ? On 2020-05-19 1:40 p.m., Dirk Fauth wrote: Hi, I am trying to get the signing and notarization working for MacOS for the NatTable Example application. I tried to adapt the shell script from platform and Oomph, but it seems my knowledge of curl etc. are not good enough. I always get the following error: curl: (26) couldn't open file "org.eclipse.nebula.widgets.nattable.examples.e4.product-macosx.cocoa.x86_64.dmg" Although I think I am in the right directory and things should work. I really don't understand what is going wrong. It would be great if someone could lend me an hand on solving this problem. As Mikael already asked me to do, I will also write some hints in the wiki about the notarization etc. to help others in the future. But to do so it should work at least. Probably I am only missing some simple thing, but I really don't see what. _______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
-- Denis Roy Director, IT Services | Eclipse Foundation, Inc. Eclipse Foundation: The Platform for Open Innovation and Collaboration Twitter: @droy_eclipse _______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
_______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
|