Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 550997 - notarize mac apps
Summary: notarize mac apps
Status: CLOSED FIXED
Alias: None
Product: EPP
Classification: Technology
Component: Releng (show other bugs)
Version: unspecified   Edit
Hardware: PC Mac OS X
: P3 critical (vote)
Target Milestone: later   Edit
Assignee: Project Inbox CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-12 03:28 EDT by Mikaël Barbero CLA
Modified: 2019-12-10 10:30 EST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mikaël Barbero CLA 2019-09-12 03:28:48 EDT 
See bug 549814.
Comment 1 Eclipse Genie CLA 2019-09-12 03:31:27 EDT 
New Gerrit change created: https://git.eclipse.org/r/149396
Comment 2 Mikaël Barbero CLA 2019-09-12 03:32:59 EDT 
The first patch above adds hardened runtime and entitlements to the macos products. These are pre-requisite to enable notarization.

*Without notarization, epp products won't run on upcoming macos 10.15 (catalina).*
Comment 4 Markus Knauer CLA 2019-09-12 07:10:42 EDT 
It looks like this change didn't work in the real EPP job. It just crashed with 

[ERROR] Failed to execute goal org.eclipse.cbi.maven.plugins:eclipse-macsigner-plugin:1.1.8-SNAPSHOT:sign (sign) on project epp.package.cpp: Execution sign of goal org.eclipse.cbi.maven.plugins:eclipse-macsigner-plugin:1.1.8-SNAPSHOT:sign failed.: IllegalArgumentException -> [Help 1]

in build https://ci.eclipse.org/packaging/job/simrel.epp-tycho-build/599/.
Comment 5 Eclipse Genie CLA 2019-09-12 07:55:34 EDT 
New Gerrit change created: https://git.eclipse.org/r/149408
Comment 6 Mikaël Barbero CLA 2019-09-12 07:55:53 EDT 
Should fix the issue.
Comment 8 Mikaël Barbero CLA 2019-09-12 10:06:20 EDT 
Build #600 looks better.
Comment 9 Markus Knauer CLA 2019-09-12 10:22:31 EDT 
Much better...
Be honest... you just wanted to see build number #600 (instead of 599) and tricked me with the wrong path! ;-)

Thank you for the patch!
Comment 10 Mikaël Barbero CLA 2019-09-17 06:39:23 EDT 
Now that all EPP are built, we still need to notarize the dmg. Would you like me to create a job on the EPP JIPP to do that?
Comment 11 Markus Knauer CLA 2019-09-17 06:41:44 EDT 
(In reply to Mikaël Barbero from comment #10)
> Now that all EPP are built, we still need to notarize the dmg. Would you
> like me to create a job on the EPP JIPP to do that?

Ah, you were watching? :-)
Yes, that would be appreciated!
Comment 12 Mikaël Barbero CLA 2019-09-17 08:24:03 EDT 
AFAICT, dmg for RC2a are only on Jenkins currently, correct?
Comment 13 Markus Knauer CLA 2019-09-17 09:16:46 EDT 
(In reply to Mikaël Barbero from comment #12)
> AFAICT, dmg for RC2a are only on Jenkins currently, correct?

Strictly speaking I already copied them to the download server, but we need to update them there once the notarized ones are available. i.e. the build version is already "invisible" in /home/data/httpd/download.eclipse.org/technology/epp/downloads/release/2019-09/R/.
These files are binary identical to the ones from build #603 in Jenkins.
Comment 14 Mikaël Barbero CLA 2019-09-17 09:33:29 EDT 
I'm notarizing all dmg in this folder as of speaking https://ci.eclipse.org/packaging/job/macos-notarization
Comment 15 Mikaël Barbero CLA 2019-09-17 12:11:18 EDT 
All dmg are now notarized: https://ci.eclipse.org/packaging/job/macos-notarization/9/. 

Do you want me to move the stapled version to /home/data/httpd/download.eclipse.org/technology/epp/downloads/release/2019-09/R/

?
Comment 16 Mikaël Barbero CLA 2019-09-17 15:47:13 EDT 
I'm now re-running the script that will move the stapled version to download.eclipse.org.
Comment 17 Mikaël Barbero CLA 2019-09-17 16:16:48 EDT 
Done.
Comment 18 Mikaël Barbero CLA 2019-12-10 10:30:12 EST 
We're done here.