Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orbit-dev] macOS Native libjnidispatch.jnilib in com.sun.jna_* jars not codesigned
Hi Martin,

Thank you for bringing this to our collective attention. As far as I know the Eclipse platform notarizes every build available from https://download.eclipse.org/eclipse/downloads/ and I haven't heard of any recent notarization problems. I will be building and notarizing the EPP packages on Thursday so I will keep this in mind.

I don't have easy access to a macOS machine - can you see if the 4.20M1 bundle available from the above link has the same issue? If not, I suspect in someway the notarization is being run differently.

However, if this is a problem and the JNA needs to be signed for macOS then the problem probably needs to be resolved by the JNA project because the Orbit project does not build the natives. However, the project has recently made it clear that this won't happen - see https://github.com/java-native-access/jna/issues/1306. (BTW the bug has a clue as to the problem with notarization, the version of macOS?)

PS With any luck the final 4.20 (2021-06) release will not have JNA 4.5 in it and instead will be upgraded to JNA 5.8. Already 5.8 is used in some places.

Jonah


~~~
Jonah Graham
Kichwa Coders
www.kichwacoders.com


On Tue, 13 Apr 2021 at 19:31, Martin D'Aloia <martindaloia@xxxxxxxxx> wrote:
Hi,

We sent our product (based on Eclipse 4.18) to Apple Notarization service and it failed with the following errors for this native library: plugins/com.sun.jna_4.5.1.v20190425-1842.jar/com/sun/jna/darwin/libjnidispatch.jnilib

- The binary is not signed.
- The signature does not include a secure timestamp.

Shouldn't this dependency be codesigned in Orbit?
Should I open a bug?


What is odd is that Eclipse 4.19 seems to be notarized but verifying this lib on the shipped jar we could see that it is not codesigned. I have no other explanation than it is a recent requirement from Apple. If that is the case maybe the notarization of Eclipse 4.20 would face the same issue.

$ cat Eclipse.app/Contents/Eclipse/.eclipseproduct
name=Eclipse Platform
id=org.eclipse.platform
version=4.19.0

$ spctl -a -vvv -t install Eclipse.app
Eclipse.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Eclipse Foundation, Inc. (JCDTMS22B4)

$ jar xf Eclipse.app/Contents/Eclipse/plugins/com.sun.jna_4.5.1.v20190425-1842.jar com/sun/jna/darwin/libjnidispatch.jnilib

$ codesign -vvv --display --deep --strict com/sun/jna/darwin/libjnidispatch.jnilib
com/sun/jna/darwin/libjnidispatch.jnilib: code object is not signed at all

If needed I can provide expected output and full error json provided by the Apple Notarization service.

Thanks in advance,
Martin
_______________________________________________
orbit-dev mailing list
orbit-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev

Back to the top