Hi,
We sent our product (based on Eclipse 4.18) to Apple Notarization service and it failed with the following errors for this native library: plugins/com.sun.jna_4.5.1.v20190425-1842.jar/com/sun/jna/darwin/libjnidispatch.jnilib
- The binary is not signed.
- The signature does not include a secure timestamp.
Shouldn't this dependency be codesigned in Orbit?
Should I open a bug?
What is odd is that Eclipse 4.19 seems to be notarized but verifying this lib on the shipped jar we could see that it is not codesigned. I have no other explanation than it is a recent requirement from Apple. If that is the case maybe the notarization of Eclipse 4.20 would face the same issue.
$ cat Eclipse.app/Contents/Eclipse/.eclipseproductname=Eclipse Platform
id=org.eclipse.platform
version=4.19.0
$ spctl -a -vvv -t install Eclipse.appEclipse.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Eclipse Foundation, Inc. (JCDTMS22B4)
$ jar xf Eclipse.app/Contents/Eclipse/plugins/com.sun.jna_4.5.1.v20190425-1842.jar com/sun/jna/darwin/libjnidispatch.jnilib
$ codesign -vvv --display --deep --strict com/sun/jna/darwin/libjnidispatch.jnilibcom/sun/jna/darwin/libjnidispatch.jnilib: code object is not signed at all
If needed I can provide expected output and full error json provided by the Apple Notarization service.
Thanks in advance,
Martin