Is there plans to add the Hardened Runtime options to the Projucer for Xcode 10? Notarization will become a requirement in the next version of Mac OS.
Yes, this is something we’ll do fairly soon.
Wow, that was fast. I’ll check it out.
If I enable Hardened Runtime in Projucer, this options gets turned on in the entitlements:
although Sandboxing is turned off.
This leads to a problem, where our application can not open files from the OS anymore.
@tom: I’m also having this issue: com.apple.security.app-sandbox gets enabled even though “Plugin AU is sandbox safe” and “Use App Sandbox” are both disabled. Is this expected ?
Thank you for reporting.
Wow! I was just about to ask about this feature!
Is the release date fixed for the version with this fix?
To enable the Hardened Runtime for a Xcode target, is it enough to set the ENABLE_HARDENED_RUNTIME build setting, or there are more steps involved?
I have enabled that project setting, but notarization is still failing with this outcome message:
"message": "The executable does not have the hardened runtime enabled."
EDIT: the resulting bundle is also properly codesigned, there were signing errors that I have fixed, but the one related to the hardened runtime remains
I possible had the same issue a while back. Are you signing outside of Xcode, on the command line? Hardened runtime is a signing option, not a build option, so if you aren’t signing in Xcode, that option won’t do anything.
You codesign command should look like this:
codesign -s "$DEV_APP_ID" -v "$PLUGIN.vst" --options=runtime
Ah thanks, that worked indeed, although I found that other sources use the following syntax
without the “equals” sign. Don’t know if that makes any difference
Now a different question:
I wish to know if an app is signed with the hardened runtime, is there a command for that?
Oops, answered wrong question.
codesign --display --verbose <path to app>
You’re looking for ‘runtime’ in the response, something like:
CodeDirectory v=20500 size=291748 flags=0x10000(runtime) hashes=9108+5 location=embedded
Hi, I’ve just enabled hardened runtime for an app and I can no longer make an OSC connection. Is there additional code I need to add to request permissions? Is this documented?
It’s ok, got it, needed to add dev team for signing.