Is the Hardened Runtime required for Mac Apps Now?

I just tried submitting an app to be notarized. This app is actually only used by me internally (but I have other apps this question would be relevant to) and I can't submit for notarization. I get the following error:

"Hardened Runtime is not enabled."

Is the Hardened Runtime now required? I know it used to be optional (I believe the last time I submitted an app update a few months ago outside the Mac App Store I got no such error).

Accepted Reply

Apple docs do say "To upload a macOS app to be notarized, you must enable the Hardened Runtime capability." I thought it was always required, but if I'm wrong about that, I don't know when it changed. Is there something that prevents you from enabling Hardened Runtime?

Replies

Hm. Maybe it was the Mac App Store version of that same app I was thinking of (that didn't have the Hardened Runtime enabled). I know it used to be optional in and outside MAS; I guess it changed at some point.

As JWWalker noted, we clearly document the hardened runtime requirement for Developer ID programs.

On the Mac App Store front, AFAIK it’s still optional. It’s not hard to imagine this changing in the future, so I generally recommend that you enable it for all programs, regardless of their distribution channel.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

This particular app (just for me) embeds the Java runtime. The Java runtime is contained within a framework of mine. Xcode complains that the hardened runtime isn't enabled for these prebuilt executables. Is there a way to have the Xcode GUI handle this when I archive, or do I have to use the command line?

Xcode complains that the hardened runtime isn't enabled for these prebuilt executables.

At what point does Xcode complain about that? It surprises me, because the hardened runtime is specified during code signing (you can do it on the command line with codesign --options=runtime) and submitting for notarization involves Xcode signing all the executables in the application, even if they're already signed.

Archiving works. It's when I attempt to submit it to be notarized that it complains about the hardened runtime not being enabled (though it is enabled in my Xcode project but for some reason it must not be enabling it on the embedded executables, which are inside an embedded framework). Haven't had time to retry yet but I assume if I manually do it from the command line it'll work. Will report back when I have a little more time to try.
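
Added example, not part of the thread and not Apple's code: since the hardened runtime is recorded at signing time, one way to find the embedded executables that lack it is to read the flags that `codesign -dv` reports for each Mach-O file in the bundle. The script name, the sample paths and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists Mach-O files inside a bundle whose
# signature lacks the hardened runtime flag, so they can be re-signed with
# `codesign --options=runtime` before the bundle is submitted.

# Succeeds if the `codesign -dv` output on stdin has "runtime" in the
# CodeDirectory flags list, e.g. flags=0x10000(runtime).
has_runtime_flag() {
    grep -Eq '^CodeDirectory .*flags=0x[0-9a-fA-F]+\(([^)]*,)?runtime(,[^)]*)?\)'
}

# Prints every Mach-O file under $1 that is unsigned or signed without the flag.
list_unhardened() {
    find "$1" -type f | while IFS= read -r f; do
        file -b "$f" | grep -q 'Mach-O' || continue
        # codesign writes its -d output to stderr, hence 2>&1.
        codesign -dv "$f" 2>&1 | has_runtime_flag || printf '%s\n' "$f"
    done
}

# Constructed sample `codesign -dv` output (not captured from a real app).
SAMPLE_HARDENED='Executable=/tmp/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded'
SAMPLE_PLAIN='Executable=/tmp/Example.app/Contents/Frameworks/Example.framework/jre/bin/java
Identifier=java
CodeDirectory v=20100 size=5678 flags=0x0(none) hashes=170+5 location=embedded'

# Usage on macOS (hypothetical script name): sh check_runtime.sh /path/to/Example.app
if [ "$#" -gt 0 ]; then
    list_unhardened "$1"
fi
```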