Notarization failing even though hardened runtime enabled

G-Mon · January 14, 2020, 9:18pm

{
  "logFormatVersion": 1,
  "jobId": "c7f0230e-a710-4f4e-a747-6d124a3382e5",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "Demo.zip",
  "uploadDate": "2020-01-14T21:12:23Z",
  "sha256": "e39a08f2643058cbefeed03d7b85d871ea5665d0f1eb62e1ff0e1ba61e8c50d9",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "Demo.zip/Demo.app/Contents/MacOS/Demo",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}

I have hardened runtime enabled in ProJucer, but I still get the following error from Apple. Any ideas why?

Rail_Jon_Rogut · January 14, 2020, 9:31pm

Which version of Xcode are you using?

Rail

G-Mon · January 14, 2020, 10:28pm

Xcode 11.3.1

G-Mon · January 14, 2020, 10:43pm

Figured it out. It’s not enough to just enable hardened runtime in ProJucer since I sign afterwards. I need to add --option=runtime to my sign step.

My sign step is now codesign --force -s "$DEV_APP_ID" -v "Demo.app" --deep --strict --options=runtime and it works.