can't codesign and notarise Max8.1.3 standalones

    Apr 20 2020 | 5:42 pm
    i want to codesign and notarise a Max8.1.3 standalone. It just contains a window with a bang. I work on Mac OS10.15.4. In the terminal, i type codesign -s myIdentity --deep -f (and also Untitled1 Helper (GPU) a.s.o.) The standalone starts correctly, but notarisation says "The executable does not have the hardened runtime enabled."
    Alternatively, i type codesign -s myIdentity --deep --options runtime -f (and also Untitled1 Helper (GPU) a.s.o.) The notarisation succeeds, but the standalone starts with plenty of errors like mxo/Contents/MacOS/fseventwatcher) not valid for use in process using Library Validation: mapping process and mapped file (non-platform) have different Team IDs What shall i do? Thank you Thomas

    • Apr 22 2020 | 5:58 pm
      Hi this is a tricky problem, and I solved it for my app:
      maybe the instructions plus the scripts inside the repository can be helpful for you.
    • Apr 23 2020 | 10:43 am
      unfortunately still not solved...: I just tried the following: i codesigned every file in (more than 1.000), without --options runtime. I additonally codesigned Resources/MaxPluginScanner and some other with --options runtime. But not Contents/MacOS/Untitled1 itself. Now starts without error. So better. But notarisation fails only because Contents/MacOS/Untitled1 is not hardened. Now i run codesign with --options runtime on Contents/MacOS/Untitled1. Result: My immediately crashs. Thomas
    • May 20 2020 | 5:19 pm
      Hi Thomas, I am having the same issue. Were you able to get this issue resolved?
      Please note that I created another topic discussion (partly because the word "notarise" is misspelled in this topic's title, and partly because the issue is independent of notarization): Please feel free to reply to either topic discussions.
      Thank you.
    • May 21 2020 | 5:49 am
      The issue discussed above was resolved by Ben Bracken on that topic's page:
      The bottom line is that for the runtime-hardened (a requirement for notarization) code signed standalone (generated with Max 8.3.1) to load externals and work correctly, code signing must be done while adding the entitlements option with a proper entitlements file. See that topic for more detail.