Notarization for Automator application

Hello,


I made an application with Automator using AppleScript, and then I notarized the application, but I got some errors as below.

Can anyone provide any solution for this?


```
{
  "code": null,
  "path": "xxxx.pkg/xxxx.pkg Contents/Payload/Applications/xxxx/xxxx.app/Contents/MacOS/Application Stub",
  "message": "The binary is not signed.",
  "docUrl": null,
  "architecture": "x86_64"
},
{
  "code": null,
  "path": "xxxx.pkg/xxxx.pkg Contents/Payload/Applications/xxxx/xxxx.app/Contents/MacOS/Application Stub",
  "message": "The signature does not include a secure timestamp.",
  "docUrl": null,
  "architecture": "x86_64"
},
{
  "code": null,
  "path": "xxxx.pkg/xxxx.pkg Contents/Payload/Applications/xxxx/xxxx.app/Contents/MacOS/Application Stub",
  "message": "The executable does not have the hardened runtime enabled.",
  "docUrl": null,
  "architecture": "x86_64"
},
```


Best Regards.

Replies

Signing an Automator app is tricky because their packaging is kinda wonky. I recommend that you sign the action using the same general technique as Automator, that is, using the `--deep` flag (I generally discourage the use of this flag but this is a key exception). Here’s the command I use:

```
$ codesign -s "Developer ID Application" --deep --force --timestamp -o runtime MyAutomatorApp.app
```

After this I was able to notarise the Automator app just fine.

Oh, one other thing. The resulting signature will rely on extended attributes, so you have to make sure you package your final product in a way that preserves extended attributes.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
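
An added example, not part of the original posts: a Python sketch that groups the issues in a notarization log like the one in the question by enclosing `.app` bundle and lists, for each message, the part of the `codesign` command from the reply above that addresses it. The top-level `issues` key, the helper names and the sample log are assumptions constructed for illustration.

```python
import json
import shlex
from collections import defaultdict

# The three messages from the question, each mapped to the part of the
# reply's codesign command that addresses it.
FIXES = {
    "The binary is not signed.": '-s "Developer ID Application"',
    "The signature does not include a secure timestamp.": "--timestamp",
    "The executable does not have the hardened runtime enabled.": "-o runtime",
}

# Constructed sample: the path is the one quoted in the question; wrapping
# the entries in a top-level "issues" array is an assumption.
STUB_PATH = ("xxxx.pkg/xxxx.pkg Contents/Payload/Applications/xxxx/xxxx.app"
             "/Contents/MacOS/Application Stub")
SAMPLE_LOG = json.dumps({"issues": [
    {"code": None, "path": STUB_PATH, "message": msg, "docUrl": None,
     "architecture": "x86_64"} for msg in FIXES]})

def enclosing_app(path):
    """Return the path up to the outermost .app component, or None."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if part.endswith(".app"):
            return "/".join(parts[:i + 1])
    return None

def triage(log_text):
    """Group issues by enclosing bundle, splitting known and unmapped messages."""
    report = defaultdict(lambda: {"binaries": set(), "fixes": [], "unmapped": []})
    for issue in json.loads(log_text).get("issues", []):
        entry = report[enclosing_app(issue["path"]) or issue["path"]]
        entry["binaries"].add(issue["path"])
        fix = FIXES.get(issue["message"])
        bucket, value = ("fixes", fix) if fix else ("unmapped", issue["message"])
        if value not in entry[bucket]:
            entry[bucket].append(value)
    return dict(report)

def resign_command(bundle):
    """The reply's command for this bundle, to run on the app before packaging."""
    name = shlex.quote(bundle.rsplit("/", 1)[-1])
    return ('codesign -s "Developer ID Application" --deep --force '
            "--timestamp -o runtime " + name)

if __name__ == "__main__":
    for bundle, entry in triage(SAMPLE_LOG).items():
        print(bundle, sorted(entry["binaries"]), entry["fixes"], entry["unmapped"])
        print(resign_command(bundle))
```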

FYI, SD Notary will notarize Automator apps, without using the `--deep` flag.

Do you first sign the `Contents/document.wflow` file and then sign the outer `.app`?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"