Hardened Runtime

darrenwin · February 20, 2019, 3:14pm

Is there plans to add the Hardened Runtime options to the Projucer for Xcode 10? Notarization will become a requirement in the next version of Mac OS.

t0m · February 20, 2019, 3:44pm

Yes, this is something we’ll do fairly soon.

t0m · February 21, 2019, 3:18pm

darrenwin · February 21, 2019, 3:59pm

Wow, that was fast. I’ll check it out.
Thanks!!!

wkundrus · September 11, 2019, 11:31am

If I enable Hardened Runtime in Projucer, this options gets turned on in the entitlements:
“com.apple.security.app-sandbox”
although Sandboxing is turned off.

This leads to a problem, where our application can not open files from the OS anymore.

PixelPacker · November 14, 2019, 8:58pm

@tom: I’m also having this issue: com.apple.security.app-sandbox gets enabled even though “Plugin AU is sandbox safe” and “Use App Sandbox” are both disabled. Is this expected ?

t0m · December 19, 2019, 12:40pm

Thank you for reporting.

yokemura · December 26, 2019, 10:00pm

Wow! I was just about to ask about this feature!
Is the release date fixed for the version with this fix?

yfede · February 7, 2020, 4:59pm

To enable the Hardened Runtime for a Xcode target, is it enough to set the ENABLE_HARDENED_RUNTIME build setting, or there are more steps involved?

I have enabled that project setting, but notarization is still failing with this outcome message:

"message": "The executable does not have the hardened runtime enabled."

EDIT: the resulting bundle is also properly codesigned, there were signing errors that I have fixed, but the one related to the hardened runtime remains

RolandMR · February 7, 2020, 5:05pm

I possible had the same issue a while back. Are you signing outside of Xcode, on the command line? Hardened runtime is a signing option, not a build option, so if you aren’t signing in Xcode, that option won’t do anything.

You codesign command should look like this:

codesign -s "$DEV_APP_ID" -v "$PLUGIN.vst" --options=runtime

yfede · February 10, 2020, 9:26am

Ah thanks, that worked indeed, although I found that other sources use the following syntax

--options runtime

without the “equals” sign. Don’t know if that makes any difference

yfede · February 12, 2020, 9:49am

Now a different question:
I wish to know if an app is signed with the hardened runtime, is there a command for that?

RolandMR · February 12, 2020, 2:34pm

Oops, answered wrong question.

Verbonaut · February 12, 2020, 3:19pm

Try
codesign --display --verbose <path to app>

You’re looking for ‘runtime’ in the response, something like:
CodeDirectory v=20500 size=291748 flags=0x10000(runtime) hashes=9108+5 location=embedded

leehu · March 25, 2020, 1:15pm

Hi, I’ve just enabled hardened runtime for an app and I can no longer make an OSC connection. Is there additional code I need to add to request permissions? Is this documented?

thx

leehu · March 25, 2020, 1:51pm

It’s ok, got it, needed to add dev team for signing.

Topic		Replies	Views
Notarization failing even though hardened runtime enabled MacOSX and iOS	8	2323	August 5, 2020
XCode 'Code Signing' flags in Projucer The Projucer	4	1785	March 3, 2020
Fr: add music files + network client sandbox entitlements MacOSX and iOS	2	810	April 16, 2019
Child process + Hardened runtime issue MacOSX and iOS	2	574	October 27, 2021
Confusion on Catalina / notarization / hardened run-time - no changes needed after all? Audio Plugins	4	2285	December 30, 2019

Hardened Runtime

Purchase

Discover

Learn

Support

About

Events

Hardened Runtime

Related Topics

Purchase

Discover

Learn

Support

About

Events