Bug 561649 - Signed and Notarized Eclipse RCP based application build on Oxygen 4.7.3 not able to launch on mac10.14
Status: RESOLVED NOT_ECLIPSE
Alias: None
Product: Platform
Classification: Eclipse Project
Component: Releng
Version: 4.7.3
Hardware: PC Mac OS X
Importance: P3 blocker
Target Milestone: ---
Assignee: Platform-Releng-Inbox CLA
Reported: 2020-04-01 10:30 EDT by satish Chinthanippu CLA
Modified: 2021-09-03 01:17 EDT

Attachments
Error description (61.01 KB, image/png)
2020-04-01 10:30 EDT, satish Chinthanippu CLA
Eclipse modules we are using for our product (4.78 KB, application/octet-stream)
2020-04-02 01:42 EDT, satish Chinthanippu CLA
Description satish Chinthanippu CLA 2020-04-01 10:30:12 EDT
Created attachment 282309 [details]
Error description

We have installed a signed and notarized Eclipse RCP based application on Mac 10.14. When we try to launch this app with JDK1.8.0_241, it reports the error: The JVM shared library "/Library/Java/JavaVirtualMachines/jdk1.8.0_241.jdk/Contents/Home/bin/.../jre/lib/server/libjvm.dylib" does not contain the JNI_CreateJavaVM symbol.
I tried changing Info.plist by uncommenting the JDK declaration with /Library/Java/JavaVirtualMachines/{your_jdk_package_name}/Contents/Home/bin/java, but it is still not working. Please let us know what we have to do to fix this issue.
Comment 1 Sravan Kumar Lakkimsetti CLA 2020-04-01 23:31:55 EDT
Looks like the exact situation described in https://bugs.eclipse.org/bugs/show_bug.cgi?id=550674#c10

The way we resolved it is to sign native executables and libraries with hardened runtime and entitlements.

Here is the list of files that need to be signed with hardened runtime:

./eclipse.platform.releng.aggregator/eclipse.platform.swt.binaries/bundles/org.eclipse.swt.cocoa.macosx.x86_64/libswt-pi-cocoa-4932r18.jnilib
./eclipse.platform.releng.aggregator/eclipse.platform.swt.binaries/bundles/org.eclipse.swt.cocoa.macosx.x86_64/libswt-awt-cocoa-4932r18.jnilib
./eclipse.platform.releng.aggregator/eclipse.platform.swt.binaries/bundles/org.eclipse.swt.cocoa.macosx.x86_64/libswt-cocoa-4932r18.jnilib
./eclipse.platform.releng.aggregator/rt.equinox.bundles/bundles/org.eclipse.equinox.security.macosx/libkeystoreNative.jnilib
./eclipse.platform.releng.aggregator/eclipse.platform.resources/bundles/org.eclipse.core.filesystem.macosx/os/macosx/libunixfile_1_0_0.jnilib
./rt.equinox.binaries/org.eclipse.equinox.launcher.cocoa.macosx.x86_64/eclipse_1902.so

and the following file with hardened runtime and entitlements:

eclipse.platform.releng.aggregator/rt.equinox.binaries/org.eclipse.equinox.executable/bin/cocoa/macosx/x86_64/Eclipse.app/Contents/MacOS/eclipse

The entitlements file is available here: ./eclipse.platform.releng.aggregator/eclipse.platform.releng.tychoeclipsebuilder/entitlement/sdk.entitlement
Comment 2 satish Chinthanippu CLA 2020-04-02 00:59:53 EDT
Hi Shravan,

Where can I get the eclipse.platform.releng.aggregator entitlement files?
Comment 4 Sravan Kumar Lakkimsetti CLA 2020-04-02 01:28:08 EDT
(In reply to satish Chinthanippu from comment #3)
> Is it correct location for entitlement file
> https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/
> tree/eclipse.platform.releng.tychoeclipsebuilder/entitlement

This is the file we used for entitlements:
https://git.eclipse.org/c/platform/eclipse.platform.releng.aggregator.git/tree/eclipse.platform.releng.tychoeclipsebuilder/entitlement/sdk.entitlement
Comment 5 satish Chinthanippu CLA 2020-04-02 01:42:39 EDT
Created attachment 282315 [details]
Eclipse modules we are using for our product
Comment 6 satish Chinthanippu CLA 2020-04-02 01:44:09 EDT
Thank you Sravan.

Also, this RCP application is built on Eclipse Oxygen 4.7.3. We are using a Tycho build to build our product and generate packages for Mac, Windows and Linux. We are using the equinox, swt, emf and datatools modules in our product. Also, our product will work only with Java 1.8 and 10.
Now we have to support Mac 10.15. For this, our application has to be signed and notarized. What steps do we need to follow to make our product work on a Mac 10.15 system?
1. Do we need to migrate to any specific notarized Eclipse version (instead of Oxygen 4.7.3) for this, or is it okay to continue with Oxygen?
2. Do we need to use only a notarized Java version (only Java 14 is notarized from Oracle)?

Please find EclipseModulesWithVersions.txt for more details on which Eclipse modules we are using for our product.

Can you please advise on this?
Comment 7 Sravan Kumar Lakkimsetti CLA 2020-04-02 03:33:11 EDT
(In reply to satish Chinthanippu from comment #6)
> Thank you Sravan.
> 
> Also, this RCP application is built on Eclipse Oxygen 4.7.3. We are using
> a Tycho build to build our product and generate packages for Mac, Windows
> and Linux. We are using the equinox, swt, emf and datatools modules in our
> product. Also, our product will work only with Java 1.8 and 10.
> Now we have to support Mac 10.15. For this, our application has to be signed
> and notarized. What steps do we need to follow to make our product work on
> a Mac 10.15 system?
> 1. Do we need to migrate to any specific notarized Eclipse version (instead
> of Oxygen 4.7.3) for this, or is it okay to continue with Oxygen?
> 2. Do we need to use only a notarized Java version (only Java 14 is
> notarized from Oracle)?
> 
> Please find EclipseModulesWithVersions.txt for more details on which Eclipse
> modules we are using for our product.
> 
> Can you please advise on this?

My suggestion would be to migrate to the latest version of Eclipse (4.13 and above are signed with hardened runtime and entitlements). With that you can use any version of Java because of the entitlements.

For the RCP product you still need to notarize. This is the end product's responsibility.
Comment 8 satish Chinthanippu CLA 2020-04-02 06:20:58 EDT
Once again, thank you Sravan.

"For the rcp product you still need to notarize. This is end product's responsibility."

Does this mean we need to notarize the Eclipse dependencies as well, even if the RCP product is built on Eclipse 4.13? Like what you mentioned in the previous post, org.eclipse.swt.cocoa.macosx.x86_64/libswt-pi-cocoa-4932r18.jnilib?

If we use Eclipse Oxygen, is it sufficient to notarize the list you mentioned in the previous post along with our product libraries, or is there anything else we need to notarize?
Comment 9 satish Chinthanippu CLA 2020-04-02 06:25:10 EDT
Got this info from your post on https://bugs.eclipse.org/bugs/show_bug.cgi?id=550674. Thank you.
Comment 10 Sravan Kumar Lakkimsetti CLA 2020-04-02 07:17:29 EDT
(In reply to satish Chinthanippu from comment #8)
> Once again, thank you Sravan.
> 
> "For the rcp product you still need to notarize. This is end product's
> responsibility."
> 
> Does this mean we need to notarize the Eclipse dependencies as well, even if
> the RCP product is built on Eclipse 4.13? Like what you mentioned in the
> previous post,
> org.eclipse.swt.cocoa.macosx.x86_64/libswt-pi-cocoa-4932r18.jnilib?
> 
> If we use Eclipse Oxygen, is it sufficient to notarize the list you
> mentioned in the previous post along with our product libraries, or is
> there anything else we need to notarize?

Let me clear up some things here.

1. Notarization is done for distributable applications packaged in .pkg or .dmg (your RCP app as a whole). It is not applicable to individual native components.
2. The prerequisite for notarization is to sign your application and its individual components (jars as well as native components) with hardened runtime. Once you do this, the Mac will not allow you to load unsigned libraries into the process started by your application. In this case the unsigned libraries are the Java libraries and your application is the Eclipse application. This is where you get the above-mentioned error.
3. To solve the above problem you need to add entitlements saying the application is allowed to load unsigned libraries. This needs to be done in app signing and executable signing.
4. Now, once you have built your application with all the signed libraries and the signed executable with entitlements, you need to sign your mac.app with hardened runtime and entitlements.
5. Now, for distribution's sake, you may want to create a pkg file or dmg file. This needs to be signed again with hardened runtime and entitlements.
6. At this step you need to submit your dmg or pkg to Apple's notarization service to get it notarized.

Please don't get confused between notarization and signing. Notarization is not applicable to individual components. It's for the packaged application.

Coming to the work to be done:
If you use 4.7.3
1. You need to sign (with hardened runtime and entitlements) the individual dynamic libraries and executables as listed in comment 1.
2. Rebuild Eclipse to get the signed native libraries inside plugins like the SWT Mac plugin.
3. Use the rebuilt Eclipse to build your RCP application. This way your RCP application will get all the necessary signed native libraries.
4. Sign your RCP app and make a distributable package.
5. Submit your distributable package to Apple's notarization service to get a notarized package.

If you use 4.13 and above you can skip the first two steps. Eclipse has already taken care of that. You need to start at point 3.

I hope this clarifies.
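
The signing order from comment 10, as an added example that is not part of the original thread or of the Eclipse build: a shell function that only prints the codesign commands (native libraries with hardened runtime, launcher and bundle with hardened runtime plus entitlements) so the plan can be reviewed before anything is signed. The bundle path, entitlements file, signing identity and launcher name are placeholders, and native libraries packed inside plugin jars are not visited.

```shell
#!/usr/bin/env bash
# Added example: prints a signing plan for one .app bundle; nothing is executed.
# Assumptions: native code is found by file extension on disk, and the launcher
# lives in Contents/MacOS (named "eclipse" unless a 4th argument is given).

# Emit one codesign command. $1 = path, $2 = identity, $3 = entitlements or "".
sign_cmd() {
  local path="$1" identity="$2" ent="$3"
  local cmd="codesign --force --timestamp --options runtime"
  if [ -n "$ent" ]; then
    # Entitlements relax the hardened runtime, so they are attached only
    # where the caller asks for them (launcher and bundle), not to libraries.
    cmd="$cmd --entitlements '$ent'"
  fi
  printf "%s --sign '%s' '%s'\n" "$cmd" "$identity" "$path"
}

# Print the plan. $1 = bundle, $2 = entitlements file, $3 = identity,
# $4 = launcher name (optional).
signing_plan() {
  local app="$1" ent="$2" identity="$3" launcher f
  launcher="$app/Contents/MacOS/${4:-eclipse}"
  # 1. Native libraries first: hardened runtime, no entitlements.
  find "$app" -type f \( -name '*.jnilib' -o -name '*.dylib' -o -name '*.so' \) |
    sort |
    while IFS= read -r f; do sign_cmd "$f" "$identity" ""; done
  # 2. Launcher executable: hardened runtime plus entitlements.
  sign_cmd "$launcher" "$identity" "$ent"
  # 3. The bundle last, so its seal covers the already signed contents.
  sign_cmd "$app" "$identity" "$ent"
  # 4. Checks to run before packaging and submitting for notarization.
  printf "codesign --verify --deep --strict --verbose=2 '%s'\n" "$app"
  printf "codesign -d --entitlements :- '%s'\n" "$launcher"
}

# Usage (placeholder values):
#   signing_plan "MyProduct.app" sdk.entitlement "Developer ID Application: Example"
```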
Comment 11 satish Chinthanippu CLA 2020-04-03 21:00:04 EDT
Thank you very much Sravan for the detailed explanation. We followed the steps specified by you and this error is fixed. We are able to launch our application without any issues. Let me check the functionality and I will get back to you if any help is required.
Comment 12 satish Chinthanippu CLA 2020-04-07 10:33:51 EDT
Shravan,

I am getting this error while uploading .dmg with .app for notarization. "You must first sign the relevant contracts online. (1048)"

Any help appreciated.
Comment 13 Sravan Kumar Lakkimsetti CLA 2020-04-08 02:05:53 EDT
(In reply to satish Chinthanippu from comment #12)
> Shravan,
> 
> I am getting this error while uploading .dmg with .app for notarization.
> "You must first sign the relevant contracts online. (1048)"
> 
> Any help appreciated.

You probably need to sign agreements with Apple. Here are the top results from Google.

https://stackoverflow.com/questions/58358449/notarizing-electron-apps-throws-you-must-first-sign-the-relevant-contracts-on

https://forums.developer.apple.com/thread/117351