8 Replies
      Latest reply on Sep 13, 2019 2:17 PM by LiquidSonics
      asso Level 1 Level 1 (0 points)

        In the Notarizing Your App Before Distribution article it is explained that Hardened Runtime capability must be enabled before sending applications for notarization.

         

        I have a project which has several issues (severity Error) like

            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },

        and

              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The binary is not signed.",
              "docUrl": null,
              "architecture": "x86_64"

        The issues are real and it is expected to have the application rejeted (see the output from Sep 3rd).

         

        However, now I see that all issues are having severity Warning and the application is successfully notarized (see the output from Sep 4th).

              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },

        and

              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The binary is not signed.",
              "docUrl": null,
              "architecture": "x86_64"
            },

         

        My question, is there a change on the requirements for notarization? Can you provide more info regarding this change?

         

         

         

         

         

         

         

        Full output of the app rejection on Sep 3:

        {
          "logFormatVersion": 1,
          "jobId": "1134ee6a-ddf5-42cb-8eac-1ad32f3c2eee",
          "status": "Invalid",
          "statusSummary": "Archive contains critical validation errors",
          "statusCode": 4000,
          "archiveFilename": "My_App_19.3.0.zip",
          "uploadDate": "2019-09-03T16:23:45Z",
          "sha256": "8420e7a79194fc50dcc2985e945402457e28b1e6d98425177464591c12e4c7e8",
          "ticketContents": null,
          "issues": [
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MacOS/MacAJLoginHelper",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The binary is not signed.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "message": "The binary is not signed.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "error",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            }
          ]
        }

         

        Full output of the app rejection on Sep 4:

        {
          "logFormatVersion": 1,
          "jobId": "53a3a994-feb3-47c2-ae49-c07d9e5eeb32",
          "status": "Accepted",
          "statusSummary": "Ready for distribution",
          "statusCode": 0,
          "archiveFilename": "My_App_19.3.0.zip",
          "uploadDate": "2019-09-04T08:43:41Z",
          "sha256": "40d07089a5c547a9e5eb03e42745021c6b6d72e2ee408ae93ab0a5125df7ac1a",
          "ticketContents": [
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/Current",
              "digestAlgorithm": "SHA-256",
              "cdhash": "8bb7d2435a8367f81bc098b4119df88e2e202335",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/OSLog.framework/Versions/Current",
              "digestAlgorithm": "SHA-256",
              "cdhash": "62c326ec4888d67ca9218a79ae3f38dc4452b37e",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app",
              "digestAlgorithm": "SHA-256",
              "cdhash": "5bf670eae6d355b700eda74019f3cbd3972b46d7",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/LetsMove.framework/Versions/Current",
              "digestAlgorithm": "SHA-256",
              "cdhash": "4a17292d52ba286a0c98e9057ed1a97a50766bfa",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app",
              "digestAlgorithm": "SHA-256",
              "cdhash": "faffcbceb138f7e4fb6e5390e141b807fb8413d5",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
              "digestAlgorithm": "SHA-256",
              "cdhash": "5bf670eae6d355b700eda74019f3cbd3972b46d7",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app",
              "digestAlgorithm": "SHA-256",
              "cdhash": "faffcbceb138f7e4fb6e5390e141b807fb8413d5",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MacOS/MacAJLoginHelper",
              "digestAlgorithm": "SHA-256",
              "cdhash": "faffcbceb138f7e4fb6e5390e141b807fb8413d5",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
              "digestAlgorithm": "SHA-256",
              "cdhash": "6c3966f3e8cdbddfb7261dd1b3e2ad25fa9774d7",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libmono-native.dylib",
              "digestAlgorithm": "SHA-256",
              "cdhash": "994ed8dac47d098f75fc7fada7137c113c432bda",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
              "digestAlgorithm": "SHA-256",
              "cdhash": "6c3966f3e8cdbddfb7261dd1b3e2ad25fa9774d7",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libmono-native.dylib",
              "digestAlgorithm": "SHA-256",
              "cdhash": "ba1d310dc0e6ae03f1ddbe5ebb710421d350842c",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle",
              "digestAlgorithm": "SHA-256",
              "cdhash": "8bb7d2435a8367f81bc098b4119df88e2e202335",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app",
              "digestAlgorithm": "SHA-256",
              "cdhash": "77cb733af3aeb450c3995f0679d3c6c725808958",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "digestAlgorithm": "SHA-256",
              "cdhash": "b835c0702d593846c048a9cb9a5591fc6aea2949",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "digestAlgorithm": "SHA-256",
              "cdhash": "77cb733af3aeb450c3995f0679d3c6c725808958",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/OSLog.framework/Versions/A/OSLog",
              "digestAlgorithm": "SHA-256",
              "cdhash": "62c326ec4888d67ca9218a79ae3f38dc4452b37e",
              "arch": "x86_64"
            },
            {
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/LetsMove.framework/Versions/A/LetsMove",
              "digestAlgorithm": "SHA-256",
              "cdhash": "4a17292d52ba286a0c98e9057ed1a97a50766bfa",
              "arch": "x86_64"
            }
          ],
          "issues": [
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/MacOS/My App",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MacOS/MacAJLoginHelper",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Library/LoginItems/MacAJLoginHelper.app/Contents/MonoBundle/libmono-native.dylib",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libMonoPosixHelper.dylib",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/MonoBundle/libmono-native.dylib",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The binary is not signed.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "message": "The binary is not signed.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "message": "The signature does not include a secure timestamp.",
              "docUrl": null,
              "architecture": "x86_64"
            },
            {
              "severity": "warning",
              "code": null,
              "path": "My_App_19.3.0.zip/My App.app/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate",
              "message": "The executable does not have the hardened runtime enabled.",
              "docUrl": null,
              "architecture": "x86_64"
            }
          ]
        }