can't codesign and notarise Max8.1.3 standalones


    Apr 20 2020 | 5:42 pm
    Hi,
    i want to codesign and notarise a Max8.1.3 standalone. It just contains a window with a bang. I work on Mac OS10.15.4. In the terminal, i type codesign -s myIdentity --deep -f Untitled1.app (and also Untitled1 Helper (GPU) a.s.o.) The standalone starts correctly, but notarisation says "The executable does not have the hardened runtime enabled."
    Alternatively, i type codesign -s myIdentity --deep --options runtime -f Untitled1.app (and also Untitled1 Helper (GPU) a.s.o.) The notarisation succeeds, but the standalone starts with plenty of errors like mxo/Contents/MacOS/fseventwatcher) not valid for use in process using Library Validation: mapping process and mapped file (non-platform) have different Team IDs What shall i do? Thank you Thomas

    • Apr 22 2020 | 5:58 pm
      Hi this is a tricky problem, and I solved it for my app:
      maybe the instructions plus the scripts inside the repository can be helpful for you.
      cheers
      martin
    • Apr 23 2020 | 10:43 am
      Hi,
      unfortunately still not solved...: I just tried the following: i codesigned every file in Untitled1.app (more than 1.000), without --options runtime. I additonally codesigned Resources/MaxPluginScanner and some other with --options runtime. But not Contents/MacOS/Untitled1 itself. Now Untitled1.app starts without error. So better. But notarisation fails only because Contents/MacOS/Untitled1 is not hardened. Now i run codesign with --options runtime on Contents/MacOS/Untitled1. Result: My Untitled1.app immediately crashs. Thomas
    • May 20 2020 | 5:19 pm
      Hi Thomas, I am having the same issue. Were you able to get this issue resolved?
      Please note that I created another topic discussion (partly because the word "notarise" is misspelled in this topic's title, and partly because the issue is independent of notarization): https://cycling74.com/forums/issue-with-code-signing-mac-standalones-with-hardened-runtime Please feel free to reply to either topic discussions.
      Thank you.
      Adam
    • May 21 2020 | 5:49 am
      The issue discussed above was resolved by Ben Bracken on that topic's page: https://cycling74.com/forums/issue-with-code-signing-mac-standalones-with-hardened-runtime
      The bottom line is that for the runtime-hardened (a requirement for notarization) code signed standalone (generated with Max 8.3.1) to load externals and work correctly, code signing must be done while adding the entitlements option with a proper entitlements file. See that topic for more detail.