Enable Hardened runtime

[letoosh]

Is there a way to notarize an app with Squirrel in it?

I'm trying to submit it for notarization, but I get:

Hardened Runtime is not enabled.

"ShipIt" must be rebuilt with support for the Hardened Runtime. Enable the Hardened Runtime capability in the project editor, then test your app, rebuild your archive, and upload again.

I've set "Enable Hardened Runtime" on ShipIt target but didn't help.

[mRs-]

Yep got the same Issue. Is there a way to get this running. I really want to notarize my App. Without this, I can't use Squirrel for updating my Application :(

[MarshallOfSound]

Are y'all actually signing the shipit binary? I don't know how y'all are codesigning but I've successfully notarized an app with squirrel.mac I side it :)

[mRs-]

Maybe it's a problem that I use Carthage? It seems the binary has no direct connection to my current Xcode Project (It's a dependency of the Squirrel.Framework).

Maybe we need to add ShipIt as a Dependency to the main Project?

[MarshallOfSound]

I'm pretty sure it'll just be a case of you finding the right configuration. My codesigning is done manually by executing the codesign binary so I don't know what project config you'd need to do to get the equivalent result

[mRs-]

I added a Run Script Phase to my Build Phases. Now it's working.

It's the following script:

LOCATION="${BUILT_PRODUCTS_DIR}"/"${FRAMEWORKS_FOLDER_PATH}"


# By default, use the configured code signing identity for the project/target
IDENTITY="${CODE_SIGN_IDENTITY}"
if [ "$IDENTITY" == "" ]
then
# If a code signing identity is not specified, use ad hoc signing
IDENTITY="-"
fi

codesign --verbose --force --deep -o runtime --sign "$IDENTITY" "$LOCATION/Squirrel.framework/Resources/Shipit"