wildwebdeveloper: fsevents.node is not signed

Wild Web Developer contains some unsigned code which prevents products from being notarized. This file is not signed: org.eclipse.wildwebdeveloper_1.1.2.202311151451/node_modules/fsevents/fsevents.node

The full error I see is as follows, with similar errors for other EPPs.

{
  "logFormatVersion": 1,
  "jobId": "8d36c15c-b650-4242-b817-3bb211054150",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "eclipse-php-2023-12-M3-macosx-cocoa-x86_64-11621221555228008492.dmg",
  "uploadDate": "2023-11-16T18:28:47.503Z",
  "sha256": "13d8a69e550050f48a92a8537e986c996218c5066519d6f7485cfd77bf29c34e",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "eclipse-php-2023-12-M3-macosx-cocoa-x86_64-11621221555228008492.dmg/Eclipse.app/Contents/Eclipse/plugins/org.eclipse.wildwebdeveloper_1.1.2.202311151451/node_modules/fsevents/fsevents.node",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "eclipse-php-2023-12-M3-macosx-cocoa-x86_64-11621221555228008492.dmg/Eclipse.app/Contents/Eclipse/plugins/org.eclipse.wildwebdeveloper_1.1.2.202311151451/node_modules/fsevents/fsevents.node",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "eclipse-php-2023-12-M3-macosx-cocoa-x86_64-11621221555228008492.dmg/Eclipse.app/Contents/Eclipse/plugins/org.eclipse.wildwebdeveloper_1.1.2.202311151451/node_modules/fsevents/fsevents.node",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "eclipse-php-2023-12-M3-macosx-cocoa-x86_64-11621221555228008492.dmg/Eclipse.app/Contents/Eclipse/plugins/org.eclipse.wildwebdeveloper_1.1.2.202311151451/node_modules/fsevents/fsevents.node",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "arm64"
    }
  ]
}

About this issue

Original URL
State: closed
Created 7 months ago
Comments: 17 (17 by maintainers)

Commits related to this issue

[build] Sign '*.node' files This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files for MacOS This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files for MacOS This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files for MacOS This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
[build] Sign '*.node' files for MacOS This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. Fixes: #14... — committed to vrubezhny/wildwebdeveloper by vrubezhny 7 months ago
Test build for https://github.com/eclipse-wildwebdeveloper/wildwebdeveloper/issues/1403 — committed to jonahgraham/packages by jonahgraham 7 months ago
Test build for https://github.com/eclipse-wildwebdeveloper/wildwebdeveloper/issues/1403 — committed to jonahgraham/packages by jonahgraham 7 months ago
Test build for https://github.com/eclipse-wildwebdeveloper/wildwebdeveloper/issues/1403 — committed to jonahgraham/packages by jonahgraham 7 months ago
Test build for https://github.com/eclipse-wildwebdeveloper/wildwebdeveloper/issues/1403 — committed to jonahgraham/packages by jonahgraham 7 months ago
[build] Sign '*.node' files for MacOS This PR has the goal to resolve issue #1403 by implementing the steps that are performed in Orbit to sign Mac '*.node' NPM modules for the WWD build. Fixes: #14... — committed to eclipse-wildwebdeveloper/wildwebdeveloper by vrubezhny 7 months ago

Most upvoted comments

All the EPP packages notarized fine. Thanks again for the effort!

jonahgraham on Nov 22, 2023

Thanks @vrubezhny for the quick turnaround! I will try notarizing the next EPP build that completes to confirm. The EPP build won’t complete until the SimRel build is quiet for a few hours.

PS In case you are wondering… I have to manually run the notarization builds because Apple rate limit us so I can’t notarize every single build as too many would fail.

jonahgraham on Nov 21, 2023

I made a special build of EPP for just the php package: https://ci.eclipse.org/packaging/job/epp-jonahgraham-fork/job/wildwebdeveloper-1403/ and it built successfully to https://download.eclipse.org/technology/epp/staging-wildwebdeveloper-1403/ and that repo notarized successfully: https://ci.eclipse.org/packaging/job/notarize-downloads/176/

The fsevents.node appears in the notarization output

{
    {
      "path": "eclipse-php-2023-12-M3-macosx-cocoa-aarch64-6698754642466113339.dmg/Eclipse.app/Contents/Eclipse/plugins/org.eclipse.wildwebdeveloper_1.1.3.202311201349/node_modules/fsevents/fsevents.node",
      "digestAlgorithm": "SHA-256",
      "cdhash": "f55ae280562153dedac36b4359e92270f42314b7",
      "arch": "x86_64"
    },
    {
      "path": "eclipse-php-2023-12-M3-macosx-cocoa-aarch64-6698754642466113339.dmg/Eclipse.app/Contents/Eclipse/plugins/org.eclipse.wildwebdeveloper_1.1.3.202311201349/node_modules/fsevents/fsevents.node",
      "digestAlgorithm": "SHA-256",
      "cdhash": "68ac397d12b287ea7e8e2499b08c6e34cfa8ff58",
      "arch": "arm64"
    },
}

Therefore @vrubezhny this looks good to go. Once it is merged and contributed to SimRel I will run a new notarization to make sure we haven’t missed anything.

jonahgraham on Nov 20, 2023