Community
Participate
Working Groups
We need to add ability to sign dmg file during the dmg file creation using eclipse-dmg-packager plugin. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=512019#c21 for proposed solution. Going forward we will not be able to ship dmg files without signing as mentioned in https://developer.apple.com/library/content/releasenotes/MacOSX/WhatsNewInOSX/Articles/OSXv10.html#//apple_ref/doc/uid/TP40017145-SW1 So it better to enable signing by default.
New Gerrit change created: https://git.eclipse.org/r/92217
Can we have this feature for M7? We need to deliver mac distribution as a signed dmg for 4.7 Thanks
Yes, it's on the top of my todo list after DevoxxUS next week.
New Gerrit change created: https://git.eclipse.org/r/94154
I've pushed a review with the necessary changes. I will deploy a snapshot version tomorrow and see how it goes from there. I did not want to add a dependency between the jarsigner and dmgpackager services, so I've re-implemented a signer in dmgpackager (hence the new review instead of re-using your scaffolding code)
Gerrit change https://git.eclipse.org/r/94154 was merged to [master]. Commit: http://git.eclipse.org/c/cbi/org.eclipse.cbi.git/commit/?id=97c46fed642101c9e8d91dacd8411689f414b686
The integration tests of the merged commit gives me a valid signature for the sample dmg (https://hudson.eclipse.org/cbi/view/signing-packaging/job/webservices-gerrit/ws/webservice/packaging/dmg/target/integration-tests/org.eclipse.rt.osgistarterkit.product-macosx.cocoa.x86_64.dmg) $ codesign --verify --verbose org.eclipse.rt.osgistarterkit.product-macosx.cocoa.x86_64-2.dmg org.eclipse.rt.osgistarterkit.product-macosx.cocoa.x86_64-2.dmg: valid on disk org.eclipse.rt.osgistarterkit.product-macosx.cocoa.x86_64-2.dmg: satisfies its Designated Requirement I will deploy a new version of the webservice now.
A new version 1.1.4-SNAPSHOT of the eclipse-dmg-packager maven plugin has been deployed. It adds the "sign" parameter to the packager. The value is false by default, hence you need to specify it in your pom. This default value is kept is avoid breaking previous behavior. The new version of the web service is now deployed. I've updated your test job (https://hudson.eclipse.org/releng/view/Releng/job/ATestForSravan/) with the <sign>true</sign> parameter. Both files are properly signed (https://hudson.eclipse.org/releng/view/Releng/job/ATestForSravan/ws/): $ codesign --verify --verbose eclipse-platform-I20170330-2000-macosx-cocoa-x86_64.dmg && codesign --verify --verbose eclipse-SDK-I20170330-2000-macosx-cocoa-x86_64.dmg eclipse-platform-I20170330-2000-macosx-cocoa-x86_64.dmg: valid on disk eclipse-platform-I20170330-2000-macosx-cocoa-x86_64.dmg: satisfies its Designated Requirement eclipse-SDK-I20170330-2000-macosx-cocoa-x86_64.dmg: valid on disk eclipse-SDK-I20170330-2000-macosx-cocoa-x86_64.dmg: satisfies its Designated Requirement Feel free to reopen if needed.
*** Bug 461673 has been marked as a duplicate of this bug. ***
