Notarization & hardening for macOS non-App Store Apps?
kee nethery
kee.nethery at elloco.com
Thu May 9 20:29:52 EDT 2019
Help.
I volunteered to research this topic and present on it. I’ve documented the process to upload to the App Store, figured this would be less steps and I could figure it out and present on it at the LiveCode conference (as well as document it on the lessons web site).
There are two issues I’m running into and I could sorely use some help if any of you have gone through this notarization process on a macOS app.
Kee Nethery
——— TLDR ———
The developer ID certificate is the same one used to sign an app on the AppStore and it is not expired so … I’m really stumped as to why it is not signed with a valid Developer ID.
I set the —timestamp flag in the codesign command so it should have gotten a timestamp. Again, WTF?
And once those get resolved, without using Xcode, I have no idea how to “have the hardened runtime enabled”.
In specific I get the following error report.
{
"logFormatVersion": 1,
"jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "99_Bottles.pkg",
"uploadDate": "2019-05-08T00:41:02Z",
"sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/revsecurity.dylib",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/revsecurity.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/99 Bottles",
"message": "The binary is not signed with a valid Developer ID certificate.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/99 Bottles",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/99 Bottles",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
More information about the use-livecode
mailing list