Hi all,
I have a java application based on the Eclipse RCP Mars. I am trying to sign my app:
codesign -s 'Some Developer ID Application' MyApp.app
During notarization I am getting the next error:
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
...
{
"severity": "error",
"code": null,
"path": "MyApp.app.zip/MyApp.app/Contents/MacOS/eclipse",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
}
If I enable runtime the binary becomes broken:
codesign -f --options=runtime -s 'Some Developer ID Application' MyApp.app
dlopen(/Users/zapletnev/Desktop/Scade.app/Contents/MacOS//../Eclipse/plugins/org.eclipse.equinox.launcher.cocoa.macosx.x86_64_1.1.300.v20150602-1417/eclipse_1611.so, 2): no suitable image found. Did find:
/Users/zapletnev/Desktop/Scade.app/Contents/MacOS//../Eclipse/plugins/org.eclipse.equinox.launcher.cocoa.macosx.x86_64_1.1.300.v20150602-1417/eclipse_1611.so: code signing blocked mmap() of '/Users/zapletnev/Desktop/Scade.app/Contents/MacOS//../Eclipse/plugins/org.eclipse.equinox.launcher.cocoa.macosx.x86_64_1.1.300.v20150602-1417/eclipse_1611.so'
I tried to notarize a default Eclipse Mars distribution and I found that it passed the validation. The same error 'The executable does not have the hardened runtime enabled' is displayed as a warning.
"status": "Accepted",
"statusSummary": "Ready for distribution",
...
{
"severity": "warning",
"code": null,
"path": "Eclipse.app.zip/Eclipse.app/Contents/MacOS/eclipse",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
1. Why is the same issue marked as a warning for Eclipse Mars and as an error for my application?
2. Why options=runtime break my binary and how I can fix it?