If that’s insufficient, you need to dig into the code to find out why.
IINA is using the OpenResty LuaJIT library and using that entitlement resulted in "Code Signature Invalid" crashes as reported in IINA issue https://github.com/iina/iina/issues/3551
Including this entitlement exposes your app to common vulnerabilities in memory-unsafe code languages. Carefully consider whether your app needs this exception.
Therefore for security reasons it is desirable that LuaJIT be updated to follow Apple's best practices for JIT compilers and support use of the more restrictive Allow Execution of JIT-compiled Code Entitlement.
In this Apple forum thread: App not launching after signing with hardened runtime, Apple developer relations says:
IINA is using the OpenResty LuaJIT library and using that entitlement resulted in "Code Signature Invalid" crashes as reported in IINA issue https://github.com/iina/iina/issues/3551
The problem appears to be that LuaJIT is not following the best practices specified in this Apple document: Porting Just-In-Time Compilers to Apple Silicon
Another developer pointed out that LuaJIT is not using the
MAP_JIT
flag, one of the requirements specified in the above document:That means instead of the Allow Execution of JIT-compiled Code Entitlement, IINA must use the Allow Unsigned Executable Memory Entitlement, for which Apple warns:
Therefore for security reasons it is desirable that LuaJIT be updated to follow Apple's best practices for JIT compilers and support use of the more restrictive Allow Execution of JIT-compiled Code Entitlement.