Details
- Bug
- Resolution: Unresolved
- P3: Somewhat important
- None
- 4.6.0
Description
I've set up an installer for macOS to be distributed outside the App Store and submitted it for notarization at Apple. All binaries are signed, and so is the installer itself. The last error I am stuck with is the requirement of hardened runtime for the actual installer binary.
From "notarytool log":
```
"issues": [
  {
    "severity": "error",
    "code": null,
    "path": "xxx.dmg/xxx.app/Contents/MacOS/xxx",
    "message": "The executable does not have the hardened runtime enabled.",
    "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724",
    "architecture": "x86_64"
  }
]
```
In src/libs/ifwtools/binarycreator.cpp, the options `--force`, `--deep` and `--sign <identity>` are passed to codesign. The hardened runtime would require `--option runtime` in addition. Also, the Apple documentation advises the usage of `--timestamp`, but I cannot find that reference right now.
Finally, the `--deep` option is "(DEPRECATED for signing as of macOS 13.0)" as per the man page.
Edits: trying to avoid strikethrough and getting the formatting right. Close enough now.
Gerrit Reviews
For Gerrit Dashboard: QTIFW-3084

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 568786,3 | Fix codesign options for MacOs | master | installer-framework/installer-framework | Status: NEW | 0 | 0 |
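
A local pre-submission check for the two signing properties discussed in the description, hardened runtime and a secure timestamp. It is an added example, not code from the report or from the Installer Framework. It uses codesign's documented `--options runtime` spelling; the function names and the sample codesign outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify `codesign --display --verbose=2` output read from stdin
# (codesign writes that output to stderr). Prints the notarization
# prerequisites that are missing, or "ok".
missing_prereqs() {
    out=$(cat)
    missing=""
    # Hardened runtime shows up in the CodeDirectory flags,
    # e.g. flags=0x10000(runtime) or flags=0x10002(adhoc,runtime).
    printf '%s\n' "$out" \
        | grep -Eq '^CodeDirectory .*flags=0x[0-9a-fA-F]+\([^)]*runtime' \
        || missing="hardened-runtime"
    # A secure timestamp is reported as "Timestamp="; a signature that only
    # carries the local signing time reports "Signed Time=" instead.
    printf '%s\n' "$out" | grep -q '^Timestamp=' \
        || missing="${missing:+$missing }secure-timestamp"
    printf '%s\n' "${missing:-ok}"
}

# Sign one code item with hardened runtime and a secure timestamp.
# There is no --deep here: call it on nested code first, the .app last.
sign_hardened() {  # $1 = signing identity, $2 = path
    codesign --force --options runtime --timestamp --sign "$1" "$2"
}

# Report every executable file in a bundle before running notarytool.
# Executable scripts are listed too; only Mach-O files matter to the notary.
audit_bundle() {  # $1 = path to the .app
    find "$1" -type f -perm -u+x | while IFS= read -r f; do
        printf '%s: %s\n' "$f" \
            "$(codesign --display --verbose=2 "$f" 2>&1 | missing_prereqs)"
    done
}

# Constructed sample outputs (hypothetical values, not from the report).
SAMPLE_BEFORE='Executable=/tmp/xxx.app/Contents/MacOS/xxx
Identifier=com.example.xxx
CodeDirectory v=20400 size=1234 flags=0x0(none) hashes=30+3 location=embedded
Signed Time=1 Jan 2024 at 12:00:00'
SAMPLE_AFTER='Executable=/tmp/xxx.app/Contents/MacOS/xxx
Identifier=com.example.xxx
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+3 location=embedded
Timestamp=1 Jan 2024 at 12:00:00'
```

On a Mac, `audit_bundle xxx.app` lists each executable with either `ok` or the missing prerequisites.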