Posts

Post marked as solved
1 Replies
2.3k Views
Greetings,I'm contributor and heavy user of Eclipse Java IDE. For a couple of releases now we are having some issues with our signed app bundle not able to access MacOS Keychain.https://bugs.eclipse.org/391455The problem is that Eclipse is capable of updating itself. Also during initial startup it updates some configuration files. Given that it's a cross-platform Java app, we don't have too much customizations in place for MacOS app bundles. The recent requirements for signed apps make it hard for us to keep up with. It's unlikely that we'll be capable of stopping Eclipse from writing to folders inside the app bundle. That's too much work to keep up with.As it works right now, the signed app and dmg we ship/distribute is valid upon first start of the app. After that the app bundle has some modifications. Previously we excluded those with a resource list but that's no longer possible. Anyway, a recent experience made me wonder what the actual rules are for accessing the Keychain?We have an integration that stores a master password in Keychain. That master password is used to decrypt sensitive information Eclipse stores in its secure store. On my desktop (where I have been using Eclipse for many years know) the signature broke at some point preventing the app from accessing Keychain.I recently got a new Macbook Pro as well. I use ChronoSync to keep my desktop and laptop in sync. I also sync the Eclipse.app bundle (as a whole) in order to not having to update them separately. Thus I copied the whole app bundle to the new Macbook Pro. Surprisingly, the modified app bundle is capable of accessing the Keychain without issues. It generated its master password and stored it in Keychain. Even a few updates (modifications of the app bundle) later it can still access its master password in Keychain.Any ideas what's going on? Why would the same app bundle work on one system but fail on another?That makes be believe that Gatekeeper has an internal database where it stores some data for makeing decisions. Is there a way to reset it?
Posted
by guw.
Last updated
.