How to codesign and enable the hardened runtime for a 3rd-party CLI on Xcode?

Asked 20/10, 2018 at 13:1 Answered 7/4, 2021 at 19:14

Solved objective-c xcode macos codesign osx-gatekeeper

My project needs the Ghostscript to do lots of tasks, so I have added the gs CLI tool into my project resource. However when I tried to notarize the project application, Xcode shows me this:

I assume that might because the ghostscript portable CLI is a 3rd-party program from the internet and which doesn't have a codesign, also it has not been enabled the hardened runtime. On the latest MacOS Mojave I have to notarize applications to avoid the gatekeeper shows warnings during the user opens the DMG file. But it seems the notarizing is hard to pass if the application contains a 3rd-party CLI.

Is there a solution for this?

Bureau answered 20/10, 2018 at 13:1 Comment(0)

I found the solution finally. Sign the CLI this way:

codesign --force --options runtime --sign "Developer ID Application: COMPANYNAME" ./CLITool

Then I successfully archived the Application and uploaded to Apple to notarize.

Bureau answered 21/10, 2018 at 13:12 Comment(6)

How does this fullfil the hardening requirements? – Simile 21/10, 2018 at 13:33

I think it would be "--options runtime". Since I signed the command tool by this, it works. – Bureau 21/10, 2018 at 13:38

Thanks for clarification. Where did you find this information/parameter(s)? I assume it will coincide with this? help.apple.com/xcode/mac/current/en.lproj/Art/… – Simile 21/10, 2018 at 13:42

@Simile forum.xojo.com/… – Bureau 21/10, 2018 at 13:50

Adding "--options runtime" to codesign solved the problem. Thanks. – Tatouay 20/2, 2020 at 14:37

My app's mac executable developed via maven (java project). Then I used codesign command with --option=runtime for notarization. But if I sign with --option=runtimemy app doesn't run. Showing The [APP_NAME] executable launcher was unable to locate its companion shared library. – Blasien 12/3, 2020 at 11:22

The enable hardened runtime is achieved via --options runtime.

I found this guide to be very helpful with the notarization and code signing process for app distribution outside the mac store.

I had an issue with my app crashing after enabling hardened runtime for it tho. This comment and this other one helped me with my issue at the time.

Cass answered 7/4, 2021 at 19:14 Comment(0)

Recommended topics

Hot tags