Posts

Post not yet marked as solved
5 Replies
Dear Eseye,

Apple changed their codesigning / notarization policies, effective Feb 3. I had code ready to distribute to our customers that passed notarization on Jan 28. I fixed a small bug on Feb 4, and notarization failed. This might be what happened to you.

I'm sad to say I've no answers, only questions, as I'm thus far stopped dead in the water by the notarization requirements. I've asked for help from Apple, but only get polite non-answers, telling me they provide "administrative support", and then they refer me to the code forums. As a developer, I feel totally abandoned by Apple.

If you've any tips or hints on how I can bundle and notarize a Java JRE in my app, I'd greatly appreciate any help I can get. I don't use XCode - it doesn't seem to support Java anymore - but I'm willing to learn if it can get my Java app signed. In particular, does anyone know how to set up the "hardened runtime" for a Java project?

Thank you,
Craig108
Post not yet marked as solved
5 Replies
Dear Quinn,

I hope you still work at Apple, as your answer here in this forum is the closest I've found to someone who might be able to point me towards an answer.

How can I build and notarize an OSX application bundle, containing a Java JRE in my application bundle, that passes Apple's Notarization review?

I am able to build the bundle, but the notarization fails, telling me I need a hardened runtime, and that the various executable binaries and .dylib's in the bundle are not signed. But I can't find any notes on the web about how to:

- find/build/sign the required "hardened runtime"
- how to sign the .dylib's used in the Java JRE runtime
- how to sign the executables in the JRE (java, jrunscript, ..)

The JRE is built by me from Oracle's JDK 11. The app is a commercial product that's been running on OSX and Windows for 15 years - until this February.

I have XCode installed, but do not use it for my work. I currently write code in Eclipse, and use ant to do my builds. If XCode will do what I need, I'm willing to learn how to set it up, but that seems difficult as XCode no longer appears to support Java, except as an 'external builder' sort of project. My app has around 500 Java classes, and includes many public domain .jar files.

My current code signing commands look like this: an entitlement file containing:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
</dict>
</plist>
```

and this codesign command:

```
codesign --entitlements ${entitlements} \
    --options=runtime \
    --deep -vvv -f \
    --sign ${identity} ${target}
```

Thanks for any help you can provide,
Craig108
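
An added example, not part of Craig108's post and not Apple's or Oracle's own tooling: the failure described above (unsigned `.dylib`s and executables inside the bundled JRE) is typically addressed by signing each nested binary on its own with the hardened runtime, deepest paths first, before signing the bundle itself. The `IDENTITY` and `ENTITLEMENTS` variables, the function names and the name/permission heuristic for finding native code are assumptions of this example.

```shell
#!/bin/sh
# Added example: sign nested native code inside-out, then the .app bundle.
# IDENTITY, ENTITLEMENTS and the bundle path are caller-supplied placeholders.

# List candidate native code: *.dylib / *.jnilib by name, plus regular files
# with the owner-execute bit (java, jrunscript, the launcher, ...).
# Deepest paths are printed first so nested code is signed before its container.
list_signables() {
    find "$1" -type f \( -name '*.dylib' -o -name '*.jnilib' -o -perm -100 \) |
        awk -F/ '{ print NF "\t" $0 }' | sort -rn | cut -f2-
}

# Sign one item with the hardened runtime and a secure timestamp.
sign_one() {
    case $1 in
        *.dylib|*.jnilib)
            # Entitlements take effect on executables, so library code
            # is signed without them.
            codesign --force --timestamp --options runtime \
                --sign "$IDENTITY" "$1" ;;
        *)
            codesign --force --timestamp --options runtime \
                --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$1" ;;
    esac
}

# Sign everything inside the bundle, then the bundle, then verify the result.
sign_bundle() {
    app=$1
    list_signables "$app" | while IFS= read -r f; do
        sign_one "$f" || exit 1      # stop at the first failed signature
    done || return 1
    sign_one "$app" &&
        codesign --verify --deep --strict --verbose=2 "$app"
}

# Runs only when a bundle path is given, for example:
#   IDENTITY="Developer ID Application: Example (TEAMID)" \
#   ENTITLEMENTS=entitlements.plist sh sign.sh MyApp.app
if [ -n "${1:-}" ]; then
    sign_bundle "$1"
fi
```

Native libraries packed inside `.jar` files are not reached by this walk; they would need to be extracted, signed and repacked separately.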