From the message I suspect you may be missing step 3. In step 3 we specify explicit signer url. Please use that other wise you will not have secure timestamp ot hardened runtime enabled
Hi,
thanks for the hint. It seems that really the issue was that I tried to trigger to notarization from the download area. Moving it to the Jenkins area works. But now I get errors from the notarization service.
The signature does not include a secure timestamp.
The executable does not have the hardened runtime enabled.
The binary is not signed.
I have added the following to the pom.xml of the product project.
<plugin>
<groupId>org.eclipse.cbi.maven.plugins</groupId>
<artifactId>eclipse-dmg-packager</artifactId>
<version>${cbi-version}</version>
<executions>
<execution>
<goals>
<goal>package-dmg</goal>
</goals>
<phase>integration-test</phase>
<configuration>
<source>${project.build.directory}/products/org.eclipse.nebula.widgets.nattable.examples.e4.product-macosx.cocoa.x86_64.tar.gz</source>
<continueOnFail>true</continueOnFail>
<timeoutMillis>600000</timeoutMillis> <!-- 10 min -->
<continueOnFail>${macSigner.forceContinue}</continueOnFail>
<sign>true</sign>
</configuration>
</execution>
</executions>
</plugin>
The cbi-version is 1.1.8-SNAPSHOT. Any idea why the created dmg file seems to be incorrect?