Hardened Runtime

Is there plans to add the Hardened Runtime options to the Projucer for Xcode 10? Notarization will become a requirement in the next version of Mac OS.

Yes, this is something we’ll do fairly soon.


Wow, that was fast. I’ll check it out.

If I enable Hardened Runtime in Projucer, this options gets turned on in the entitlements:
although Sandboxing is turned off.

This leads to a problem, where our application can not open files from the OS anymore.

1 Like

@tom: I’m also having this issue: com.apple.security.app-sandbox gets enabled even though “Plugin AU is sandbox safe” and “Use App Sandbox” are both disabled. Is this expected ?

Thank you for reporting.

Wow! I was just about to ask about this feature!
Is the release date fixed for the version with this fix?

To enable the Hardened Runtime for a Xcode target, is it enough to set the ENABLE_HARDENED_RUNTIME build setting, or there are more steps involved?

I have enabled that project setting, but notarization is still failing with this outcome message:

"message": "The executable does not have the hardened runtime enabled."

EDIT: the resulting bundle is also properly codesigned, there were signing errors that I have fixed, but the one related to the hardened runtime remains

I possible had the same issue a while back. Are you signing outside of Xcode, on the command line? Hardened runtime is a signing option, not a build option, so if you aren’t signing in Xcode, that option won’t do anything.

You codesign command should look like this:

codesign -s "$DEV_APP_ID" -v "$PLUGIN.vst" --options=runtime


Ah thanks, that worked indeed, although I found that other sources use the following syntax

--options runtime

without the “equals” sign. Don’t know if that makes any difference :man_shrugging:

Now a different question:
I wish to know if an app is signed with the hardened runtime, is there a command for that?

Oops, answered wrong question.

codesign --display --verbose <path to app>

You’re looking for ‘runtime’ in the response, something like:
CodeDirectory v=20500 size=291748 flags=0x10000(runtime) hashes=9108+5 location=embedded

1 Like

Hi, I’ve just enabled hardened runtime for an app and I can no longer make an OSC connection. Is there additional code I need to add to request permissions? Is this documented?


It’s ok, got it, needed to add dev team for signing.