Notarization & hardening for macOS non-App Store Apps?

Thu, 09 May 2019 17:31:53 -0700 

Help.

I volunteered to research this topic and present on it. I’ve documented the 
process to upload to the App Store, figured this would be less steps and I 
could figure it out and present on it at the LiveCode conference (as well as 
document it on the lessons web site).

There are two issues I’m running into and I could sorely use some help if any 
of you have gone through this notarization process on a macOS app. 

Kee Nethery

——— TLDR ——— 

The developer ID certificate is the same one used to sign an app on the 
AppStore and it is not expired so … I’m really stumped as to why it is not 
signed with a valid Developer ID.

I set the —timestamp flag in the codesign command so it should have gotten a 
timestamp. Again, WTF?

And once those get resolved, without using Xcode, I have no idea how to “have 
the hardened runtime enabled”.

In specific I get the following error report.




{
  "logFormatVersion": 1,
  "jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "99_Bottles.pkg",
  "uploadDate": "2019-05-08T00:41:02Z",
  "sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/revsecurity.dylib",
      "message": "The binary is not signed with a valid Developer ID 
certificate.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/revsecurity.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/99 Bottles",
      "message": "The binary is not signed with a valid Developer ID 
certificate.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/99 Bottles",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 
Bottles.app/Contents/MacOS/99 Bottles",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}
_______________________________________________
use-livecode mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Reply via email to