I'm willing to help improving the CBI macOS signing to let project notarize their apps. However, I would need some help about the "Hardened Runtime capability". I guess this is something to be done on the Tycho or Equinox side first, correct?
Also, from what I read here https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow#3087732, the notarization process "typically takes less than an hour". It means that it could make the build much slower than it is today (esp. because today the signing process is synchronous with the build). Any idea how to change that? Should the signing/notarization occur in a separate CI job? @Thomas IIRC notarized apps cannot be modified, meaning that config files, p2 bundle pool etc.. can't live inside the .app anymore. Correct? If this is the case, how do you follow https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html#//apple_ref/doc/uid/10000123i-CH101-SW13 more closely? Do you store config files, bundle pool etc. in folders recommended by https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/AccessingFilesandDirectories/AccessingFilesandDirectories.html#//apple_ref/doc/uid/TP40010672-CH3-SW11? Thanks. Mikaël Barbero Team Lead - Release Engineering | Eclipse Foundation 📱 (+33) 642 028 039 | 🐦 @mikbarbero Eclipse Foundation <http://www.eclipse.org/>: The Platform for Open Innovation and Collaboration > Le 5 août 2019 à 10:35, Torkild U. Resheim <torki...@gmail.com> a écrit : > > Hi all, > > I think I’m also seeing a problem related to the notarization process[1]. > Using macOS 10.15 beta (19A526h) I downloaded and attempted to run the > Eclipse installer which resulted in the following message: > > «Eclipse-inst-mac64.dmg» can’t be opened because Apple cannot check it for > malicious software. > > Best regards, > Torkild > > [1] > https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution > >> 1. aug. 2019 kl. 13:46 skrev Thomas Singer <ts-...@syntevo.com>: >> >> Hello, >> >> According to my information, macOS 10.15 does not accept simple signed >> applications any more, but requires a more complicated "notarization" >> process that requires the application to be signed with "hardened runtime". >> >> I've successfully notarized our application, but it fails even on 10.14 with >> the following exception: >> >> java.lang.NullPointerException >> at org.eclipse.swt.widgets.Composite._getChildren(Composite.java:99) >> at org.eclipse.swt.widgets.Composite.reskinChildren(Composite.java:979) >> at org.eclipse.swt.widgets.ToolBar.reskinChildren(ToolBar.java:716) >> at org.eclipse.swt.widgets.Widget.reskin(Widget.java:423) >> at org.eclipse.swt.widgets.Widget.setData(Widget.java:1704) >> >> Did someone already got a non-trivial Java/SWT application signed/notarized >> correctly for macOS 10.15 that also runs without problems? >> >> -- >> Best regards, >> Thomas Singer >> ============= >> syntevo GmbH >> https://www.syntevo.com >> https://www.syntevo.com/blog >> _______________________________________________ >> platform-dev mailing list >> platform-dev@eclipse.org >> To change your delivery options, retrieve your password, or unsubscribe from >> this list, visit >> https://www.eclipse.org/mailman/listinfo/platform-dev > > _______________________________________________ > platform-dev mailing list > platform-dev@eclipse.org > To change your delivery options, retrieve your password, or unsubscribe from > this list, visit > https://www.eclipse.org/mailman/listinfo/platform-dev
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ platform-dev mailing list platform-dev@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/platform-dev
