In the Notarizing Your App Before Distribution article it is explained that Hardened Runtime capability must be enabled before sending applications for notarization.
I have a project which has several issues (severity Error) like
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
and
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
The issues are real and it is expected to have the application rejeted (see the output from Sep 3rd).
However, now I see that all issues are having severity Warning and the application is successfully notarized (see the output from Sep 4th).
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
and
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
My question, is there a change on the requirements for notarization? Can you provide more info regarding this change?
Full output of the app rejection on Sep 3:
{
"logFormatVersion": 1,
"jobId": "1134ee6a-ddf5-42cb-8eac-1ad32f3c2eee",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "My_App_19.3.0.zip",
"uploadDate": "2019-09-03T16:23:45Z",
"sha256": "8420e7a79194fc50dcc2985e945402457e28b1e6d98425177464591c12e4c7e8",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MacOS/MacAJLoginHelper",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
Full output of the app rejection on Sep 4:
{
"logFormatVersion": 1,
"jobId": "53a3a994-feb3-47c2-ae49-c07d9e5eeb32",
"status": "Accepted",
"statusSummary": "Ready for distribution",
"statusCode": 0,
"archiveFilename": "My_App_19.3.0.zip",
"uploadDate": "2019-09-04T08:43:41Z",
"sha256": "40d07089a5c547a9e5eb03e42745021c6b6d72e2ee408ae93ab0a5125df7ac1a",
"ticketContents": [
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/Current",
"digestAlgorithm": "SHA-256",
"cdhash": "8bb7d2435a8367f81bc098b4119df88e2e202335",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/OSLog.framework/Versions/Current",
"digestAlgorithm": "SHA-256",
"cdhash": "62c326ec4888d67ca9218a79ae3f38dc4452b37e",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app",
"digestAlgorithm": "SHA-256",
"cdhash": "5bf670eae6d355b700eda74019f3cbd3972b46d7",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/LetsMove.framework/Versions/Current",
"digestAlgorithm": "SHA-256",
"cdhash": "4a17292d52ba286a0c98e9057ed1a97a50766bfa",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app",
"digestAlgorithm": "SHA-256",
"cdhash": "faffcbceb138f7e4fb6e5390e141b807fb8413d5",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
"digestAlgorithm": "SHA-256",
"cdhash": "5bf670eae6d355b700eda74019f3cbd3972b46d7",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app",
"digestAlgorithm": "SHA-256",
"cdhash": "faffcbceb138f7e4fb6e5390e141b807fb8413d5",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MacOS/MacAJLoginHelper",
"digestAlgorithm": "SHA-256",
"cdhash": "faffcbceb138f7e4fb6e5390e141b807fb8413d5",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "6c3966f3e8cdbddfb7261dd1b3e2ad25fa9774d7",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libmono-native.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "994ed8dac47d098f75fc7fada7137c113c432bda",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "6c3966f3e8cdbddfb7261dd1b3e2ad25fa9774d7",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libmono-native.dylib",
"digestAlgorithm": "SHA-256",
"cdhash": "ba1d310dc0e6ae03f1ddbe5ebb710421d350842c",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle",
"digestAlgorithm": "SHA-256",
"cdhash": "8bb7d2435a8367f81bc098b4119df88e2e202335",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app",
"digestAlgorithm": "SHA-256",
"cdhash": "77cb733af3aeb450c3995f0679d3c6c725808958",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"digestAlgorithm": "SHA-256",
"cdhash": "b835c0702d593846c048a9cb9a5591fc6aea2949",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"digestAlgorithm": "SHA-256",
"cdhash": "77cb733af3aeb450c3995f0679d3c6c725808958",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/OSLog.framework/Versions/A/OSLog",
"digestAlgorithm": "SHA-256",
"cdhash": "62c326ec4888d67ca9218a79ae3f38dc4452b37e",
"arch": "x86_64"
},
{
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/LetsMove.framework/Versions/A/LetsMove",
"digestAlgorithm": "SHA-256",
"cdhash": "4a17292d52ba286a0c98e9057ed1a97a50766bfa",
"arch": "x86_64"
}
],
"issues": [
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MacOS/MacAJLoginHelper",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libmono-native.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libmono-native.dylib",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "warning",
"code": null,
"path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
"message": "The executable does not have the hardened runtime enabled.",
"docUrl": null,
"architecture": "x86_64"
}
]
}