Notarization failing even though hardened runtime enabled

{
  "logFormatVersion": 1,
  "jobId": "c7f0230e-a710-4f4e-a747-6d124a3382e5",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "Demo.zip",
  "uploadDate": "2020-01-14T21:12:23Z",
  "sha256": "e39a08f2643058cbefeed03d7b85d871ea5665d0f1eb62e1ff0e1ba61e8c50d9",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "Demo.zip/Demo.app/Contents/MacOS/Demo",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}

I have hardened runtime enabled in ProJucer, but I still get the following error from Apple. Any ideas why?

Which version of Xcode are you using?

Rail

Xcode 11.3.1

Figured it out. It’s not enough to just enable hardened runtime in ProJucer since I sign afterwards. I need to add --option=runtime to my sign step.

My sign step is now codesign --force -s "$DEV_APP_ID" -v "Demo.app" --deep --strict --options=runtime and it works.

4 Likes