Closed cxbrooks closed 4 years ago
My changes fixed the issue, here are some notes about the solution:
macOS signing To sign the macOS executables use the eclipse-macsigner-plugin
<plugin> <groupId>org.eclipse.cbi.maven.plugins</groupId> <artifactId>eclipse-macsigner-plugin</artifactId> <version>${cbi-version}</version> <executions> <execution> <id>sign</id> <goals> <goal>sign</goal> </goals> <phase>package</phase> <configuration> <signFiles> <signFile>${project.build.directory}/products/${product-folder}/macosx/cocoa/x86_64/Eclipse.app</signFile> </signFiles> <timeoutMillis>300000</timeoutMillis> <continueOnFail>${macSigner.forceContinue}</continueOnFail> <entitlements>${project.basedir}/application.entitlement</entitlements> </configuration> </execution> </executions> </plugin>
Entitlements The security guidelines for macOS application development requires the definition of Entitlements to grant an executable permission to use a service or technology. The entitlements used by the Eclipse Platform are defined here
eclipse.platform.releng.tychoeclipsebuilder/sdk/pom.xml has
<plugin>
<groupId>org.eclipse.cbi.maven.plugins</groupId>
<artifactId>eclipse-macsigner-plugin</artifactId>
<version>${cbi-plugins.version}</version>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<configuration>
<timeoutMillis>300000</timeoutMillis> <!-- 5 min -->
<continueOnFail>${macSigner.forceContinue}</continueOnFail>
<entitlements>${project.basedir}/../entitlement/sdk.entitlement</entitlements>
<signerUrl>http://172.30.206.146:8282/macosx-signing-service/1.0.1-SNAPSHOT</signerUrl>
</configuration>
</execution>
</executions>
</plugin>
eclipse-platform-parent/pom.xml sets
<cbi-plugins.version>1.1.8-SNAPSHOT</cbi-plugins.version>
eclipse.platform.releng.tychoeclipsebuilder/entitlement has three entitlement files that are all the same:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
</dict>
</plist>
So, it would seem that the solution is to update the cbi version number and to add an entitlement file.
When I download the 0.4.0M1 macOS zip file, unzip and run
a dialog pops up that states:
This seems to be a signing problem. I saw a similar issue earlier with the 0.3.1 installer.