-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
App Notarize cannot be done because "Hardened Runtime" is disabled in Autoupdate.app #1389
Comments
This has been reported before: #1266 |
FYI, these are the commands I have added to my
You should be able to extract the |
Too much customization. I want to be able to use the classic copy step in build phases and sign on copy option. All of the solutions that are described currently looks like a workaround. Moreover, it should be mentioned in the troubleshooting section in a readme file. |
The problem is the hardened runtime flags are added as part of the signing process. Xcode can sign as part of the copy build phase, but it won't add the hardened runtime flags. Perhaps Autoupdate.app could come signed with a dummy self-signed identity, and then the flags would (maybe?) be preserved when Xcode resigns it with the developer's certificate in the copy phase. That's just an hypothesis though. |
For those developers who does not use pod, add a 'run script' on Xcode 'Build Phases' tab, contents:
Then, drag this script up to top of your phases, (below 'Target Dependecies' maybe). |
Hi , I am trying Notarize application With Xcode ,but unable to do with sparkle 1.18.1 version , I have Already Added Code in My "Script Phase" " By default, use the configured code signing identity for the project/target IDENTITY="${CODE_SIGN_IDENTITY}" If a code signing identity is not specified, use ad hoc signing IDENTITY="-" " But I am Getting the Error its happened After Successfully Uploaded for notarization And When Get back the response after processing is Display a Message "Distribution failed" Log is there:- "logFormatVersion": 1, I have also checked Sparkle in content of Application is Also Signed , What can I do that I can able to Do Noterize My Application with current sparkle |
@kornelski Plz Reply If you have any solution, anybody any idea to resolve my error |
@praveen27Kmr I think your question is a better candidate for StackOverflow than the Sparkle dev team. |
Please try the latest prerelease https://github.com/sparkle-project/Sparkle/releases |
@kornelski , thanks for your answer , the issue is not showing more now from apple side. codesign --verbose --force --deep -o runtime --sign "$IDENTITY" "$LOCATION/Sparkle.framework/Versions/A/Resources/AutoUpdate.app" For Now when I see your reply then @kornelski i try the prerelease version, but I am facing the same , I am trying to build without the flag '-o runtime ' i am using "Framework" from pre-release Assets URL Framework: - https://github.com/sparkle-project/Sparkle/releases/download/1.22.0rc1/Sparkle-1.22.0rc1.tar.bz2 Error:- https://user-images.githubusercontent.com/21966068/60410779-77baeb00-9be7-11e9-927d-0b577ed03813.png now I want just ask you to that I required to use ' -o runtime ' flag or I can use use framework without this flag |
Yes, you still have to do code signing, and I presume that requires |
@praveen27Kmr If it helps, here's my Run Script Phase (after embedding the framework!) from my apps. For the XPC branchAdjust path as necessary: # 👇 Shorthand for the script; adjust to where you checked-out Sparkle into is 👇
alias dosign="${PROJECT_DIR}/Extern/Sparkle/bin/codesign_embedded_executable"
# Code Signing identity
IDENTITY="${CODE_SIGN_IDENTITY}"
if [ "$IDENTITY" == "" ]
then
# If a code signing identity is not specified, use ad hoc signing
IDENTITY="-"
fi
# Shorthand for the Sparkle.framework
SPARKLE_PATH=${BUILT_PRODUCTS_DIR}/${FRAMEWORKS_FOLDER_PATH}/Sparkle.framework
dosign "$IDENTITY" "${BUILT_PRODUCTS_DIR}/${XPCSERVICES_FOLDER_PATH}"/*.xpc
dosign "$IDENTITY" "${SPARKLE_PATH}/Versions/A/Resources/Autoupdate"
dosign "$IDENTITY" "${SPARKLE_PATH}/Versions/A/Resources/Updater.app/"
dosign "$IDENTITY" "${SPARKLE_PATH}" For regular release/master branchWill work on embedded frameworks inside the .app bundle, so no need to adjust anything: LOCATION="${BUILT_PRODUCTS_DIR}"/"${FRAMEWORKS_FOLDER_PATH}"
# By default, use the configured code signing identity for the project/target
IDENTITY="${CODE_SIGN_IDENTITY}"
if [ "$IDENTITY" == "" ]
then
# If a code signing identity is not specified, use ad hoc signing
IDENTITY="-"
fi
codesign --verbose --force --deep -o runtime --sign "$IDENTITY" "$LOCATION/Sparkle.framework/Versions/A/Resources/AutoUpdate.app"
codesign --verbose --force -o runtime --sign "$IDENTITY" "$LOCATION/Sparkle.framework/Versions/A" |
@kornelski @DivineDominion Thanks |
The diff from the latest release So for anyone still experiencing this issue on the prerelease version that does not want to resign the framework in a Run Script phase, just update to 1.22.0 |
Is it now safe to say Hardened Runtime is now supported in 1.22.0 without having to do any manual code signing? |
@gregcotten yes |
FTR I had been |
Facing issue with notarising Sparkle embedded framework. These four binaries /MyApp.app/Contents/MacOS/MyApp Im fairly certain all the above issues are occurring because of embedded Sparkle framework. This is present in my runscript phase codesign -vvv --deep --strict /Applications/MyApp.app/Contents/Frameworks/Sparkle.framework/Sparkle Kindly assist me, its been bugging me since a week :D |
In macOS 10.14.5 Apple will introduce Application Notarization - all apps will have to be notarized by Apple.
We've been trying to notarize our application (we are using latest Sparkle version) but while trying to send binary to the notary service we're getting an error:
I've been trying to enable it on my custom build but without success. If it will start working for me I'll create PR with the fix. Before that, any help with this issue would be very helpful.
The text was updated successfully, but these errors were encountered: