Xcode 10 notarization error about Hardened Runtime for Autoupdate.app and fileop

[m41w4r3exe]

As Apple introduced new notarization process for apps distributing outside of Mac App Store, I am getting this error when I try to submit my application for notarization, which has Sparkle framework installed via CocoaPods.

The error was first encountered for all bundles included in my app (helper app and other frameworks), however they all went away except these two mentioned bundles of Sparkle, after I enable Hardened Runtime with exceptions shown below through Project editor.

I am not well informed about the guidelines of this new notarization, as it just went out and I have already seen WWDC 2018 presentation about it but could not find any other documentation.

Any ideas how to enable hardened runtime for Sparkle's Autoupdate.app and fileop? Or is it just impossible for Sparkle like enabling sandbox, as the auto update procedure requires access to other apps?

[kornelski]

I haven't tried it myself yet, but some people managed to get it working in #1266

[adib]

You can re-sign the Sparkle auto-updater app and apply hardened runtime to it in the process:

codesign --verbose --force --deep -o runtime \
--sign "${EXPANDED_CODE_SIGN_IDENTITY_NAME}" \
"${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/AutoUpdate.app"

I've written a post on this issue, having encountered the problem myself.