Looks like the hardened runtime needs --options=runtime
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc
For the others are you using --force --deep to ensure you replace any existing code signatures?

> On 10 May 2019, at 10:29 am, kee nethery via use-livecode <[email protected]> wrote:
>
> Help.
>
> I volunteered to research this topic and present on it. I’ve documented the
> process to upload to the App Store, figured this would be less steps and I
> could figure it out and present on it at the LiveCode conference (as well as
> document it on the lessons web site).
>
> There are two issues I’m running into and I could sorely use some help if any
> of you have gone through this notarization process on a macOS app.
>
> Kee Nethery
>
> ——— TLDR ———
>
> The developer ID certificate is the same one used to sign an app on the
> AppStore and it is not expired so … I’m really stumped as to why it is not
> signed with a valid Developer ID.
>
> I set the --timestamp flag in the codesign command so it should have gotten a
> timestamp. Again, WTF?
>
> And once those get resolved, without using Xcode, I have no idea how to “have
> the hardened runtime enabled”.
>
> In specific I get the following error report.
>
> {
>   "logFormatVersion": 1,
>   "jobId": "44f6d3f6-520b-4993-89af-3290ae2709c5",
>   "status": "Invalid",
>   "statusSummary": "Archive contains critical validation errors",
>   "statusCode": 4000,
>   "archiveFilename": "99_Bottles.pkg",
>   "uploadDate": "2019-05-08T00:41:02Z",
>   "sha256": "8f51bb68f65c36beed94c717d1bb49a146e927fe591aa4f3755aba2793bab7b3",
>   "ticketContents": null,
>   "issues": [
>     {
>       "severity": "error",
>       "code": null,
>       "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/revsecurity.dylib",
>       "message": "The binary is not signed with a valid Developer ID certificate.",
>       "docUrl": null,
>       "architecture": "x86_64"
>     },
>     {
>       "severity": "error",
>       "code": null,
>       "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/revsecurity.dylib",
>       "message": "The signature does not include a secure timestamp.",
>       "docUrl": null,
>       "architecture": "x86_64"
>     },
>     {
>       "severity": "error",
>       "code": null,
>       "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/99 Bottles",
>       "message": "The binary is not signed with a valid Developer ID certificate.",
>       "docUrl": null,
>       "architecture": "x86_64"
>     },
>     {
>       "severity": "error",
>       "code": null,
>       "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/99 Bottles",
>       "message": "The signature does not include a secure timestamp.",
>       "docUrl": null,
>       "architecture": "x86_64"
>     },
>     {
>       "severity": "error",
>       "code": null,
>       "path": "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/99 Bottles",
>       "message": "The executable does not have the hardened runtime enabled.",
>       "docUrl": null,
>       "architecture": "x86_64"
>     }
>   ]
> }
> _______________________________________________
> use-livecode mailing list
> [email protected]
> Please visit this url to subscribe, unsubscribe and manage your subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
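
Added example, not part of the original thread: a small Python triage of the notarization log quoted above that maps each error to the codesign flags named in this thread (--force, --timestamp, --options=runtime) and builds one command per flagged binary. The signing identity is a placeholder, and treating the text after "Payload/" as the file to sign is an assumption; each binary is signed on its own here, so --deep is not used.

```python
import shlex

# Sample input: the five issues from the log quoted above, other fields dropped.
_PKG = "99_Bottles.pkg/com..99bottles.pkg Contents/Payload/99 Bottles.app/Contents/MacOS/"
SAMPLE_LOG = {"status": "Invalid", "issues": [
    {"severity": "error", "path": _PKG + name, "message": msg}
    for name, msg in [
        ("revsecurity.dylib", "The binary is not signed with a valid Developer ID certificate."),
        ("revsecurity.dylib", "The signature does not include a secure timestamp."),
        ("99 Bottles", "The binary is not signed with a valid Developer ID certificate."),
        ("99 Bottles", "The signature does not include a secure timestamp."),
        ("99 Bottles", "The executable does not have the hardened runtime enabled."),
    ]]}

# Message fragment -> codesign flag suggested in the thread for that error.
FIXES = {
    "valid Developer ID certificate": "--force",   # replace the existing signature
    "secure timestamp": "--timestamp",
    "hardened runtime": "--options=runtime",
}


def flags_by_binary(log):
    """Return {app-relative path: [codesign flags]} for every error issue."""
    needed = {}
    # "issues" is null when the submission had no problems.
    for issue in log.get("issues") or []:
        if issue.get("severity") != "error":
            continue
        # Assumption: the file to re-sign is whatever follows "Payload/".
        rel = issue["path"].split("Payload/", 1)[-1]
        for fragment, flag in FIXES.items():
            if fragment in issue.get("message", ""):
                flags = needed.setdefault(rel, [])
                if flag not in flags:
                    flags.append(flag)
    return needed


def codesign_commands(log, identity="Developer ID Application: EXAMPLE (TEAMID)"):
    """Build one shell-quoted codesign command per flagged binary.

    `identity` is a placeholder; use the name of your own Developer ID certificate.
    """
    return [shlex.join(["codesign", *flags, "--sign", identity, path])
            for path, flags in flags_by_binary(log).items()]


if __name__ == "__main__":
    print("\n".join(codesign_commands(SAMPLE_LOG)))
```
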
