> On May 9, 2019, at 5:42 PM, Monte Goulding via use-livecode > <use-livecode@lists.runrev.com> wrote: > > Looks like the hardened runtime needs —options=runtime
Which what terminal command would —options=runtime be used? From what I can see, the only place to enable hardened runtime is with projects in Xcode and … this is not a project in Xcode, right? > > https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc > > <https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc> > > For the others are you using —force —deep to ensure you replace any existing > code signatures? yes. Learning lots about codesign and xattr and spctl but am really just a code monkey pressing keys hoping for Shakespeare. Kee > >> On 10 May 2019, at 10:29 am, kee nethery via use-livecode >> <use-livecode@lists.runrev.com> wrote: >> >> Help. >> >> I volunteered to research this topic and present on it. I’ve documented the >> process to upload to the App Store, figured this would be less steps and I >> could figure it out and present on it at the LiveCode conference (as well as >> document it on the lessons web site). >> >> There are two issues I’m running into and I could sorely use some help if >> any of you have gone through this notarization process on a macOS app. >> >> Kee Nethery >> >> ——— TLDR ——— >> >> The developer ID certificate is the same one used to sign an app on the >> AppStore and it is not expired so … I’m really stumped as to why it is not >> signed with a valid Developer ID. >> >> I set the —timestamp flag in the codesign command so it should have gotten a >> timestamp. Again, WTF? >> >> And once those get resolved, without using Xcode, I have no idea how to >> “have the hardened runtime enabled”. >> >> In specific I get the following error report. >> >> >> >> >> { >> "logFormatVersion": 1, >> "jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5", >> "status": "Invalid", >> "statusSummary": "Archive contains critical validation errors", >> "statusCode": 4000, >> "archiveFilename": "99_Bottles.pkg", >> "uploadDate": "2019-05-08T00:41:02Z", >> "sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3", >> "ticketContents": null, >> "issues": [ >> { >> "severity": "error", >> "code": null, >> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 >> Bottles.app/Contents/MacOS/revsecurity.dylib", >> "message": "The binary is not signed with a valid Developer ID >> certificate.", >> "docUrl": null, >> "architecture": "x86_64" >> }, >> { >> "severity": "error", >> "code": null, >> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 >> Bottles.app/Contents/MacOS/revsecurity.dylib", >> "message": "The signature does not include a secure timestamp.", >> "docUrl": null, >> "architecture": "x86_64" >> }, >> { >> "severity": "error", >> "code": null, >> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 >> Bottles.app/Contents/MacOS/99 Bottles", >> "message": "The binary is not signed with a valid Developer ID >> certificate.", >> "docUrl": null, >> "architecture": "x86_64" >> }, >> { >> "severity": "error", >> "code": null, >> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 >> Bottles.app/Contents/MacOS/99 Bottles", >> "message": "The signature does not include a secure timestamp.", >> "docUrl": null, >> "architecture": "x86_64" >> }, >> { >> "severity": "error", >> "code": null, >> "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 >> Bottles.app/Contents/MacOS/99 Bottles", >> "message": "The executable does not have the hardened runtime enabled.", >> "docUrl": null, >> "architecture": "x86_64" >> } >> ] >> } >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your subscription >> preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
