sassoftware / relic

Relic is a service and a tool for adding digital signatures to operating system packages for Linux and Windows
Apache License 2.0

Include hardened-runtime flag during DMG signing #41

Open ll78912 opened 3 months ago

ll78912 commented 3 months ago

Currently DMG files are signed without hardened-runtime, which may cause the Apple notarization process to fail. Can this flag be added to the DMG signing logic?

RangoW commented 3 months ago

Specify hardened-runtime only when signing .app:

relic sign -k devid -f foo-darwin-amd64 --hardened-runtime

https://github.com/sassoftware/relic/blob/master/doc/macos.md#signing-macos-binaries
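
A way to confirm that a signed Mach-O binary carries the hardened-runtime flag discussed in this thread, as an added example that is not part of the thread or of relic's own code: it reads the CodeDirectory flags from an embedded signature blob and tests the CS_RUNTIME bit. It assumes the signature SuperBlob (the data referenced by the binary's LC_CODE_SIGNATURE load command) has already been extracted; `make_sample` is a hypothetical helper that builds a constructed blob for illustration.

```python
import struct

# Constants from Apple's code-signing blob format (cs_blobs.h); fields are big-endian.
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0  # SuperBlob wrapping the signature
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CSSLOT_CODEDIRECTORY = 0
CS_RUNTIME = 0x00010000  # hardened-runtime bit in CodeDirectory.flags


def codedirectory_flags(blob: bytes) -> int:
    """Return the flags word of the primary CodeDirectory in an embedded signature."""
    if len(blob) < 12:
        raise ValueError("truncated SuperBlob header")
    magic, length, count = struct.unpack_from(">III", blob, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE:
        raise ValueError("not an embedded signature SuperBlob")
    if length > len(blob) or 12 + 8 * count > length:
        raise ValueError("SuperBlob length or index count out of bounds")
    for i in range(count):
        slot, offset = struct.unpack_from(">II", blob, 12 + 8 * i)
        if slot != CSSLOT_CODEDIRECTORY:
            continue
        if offset + 16 > length:
            raise ValueError("CodeDirectory offset out of bounds")
        cd_magic, _cd_len, _version, flags = struct.unpack_from(">IIII", blob, offset)
        if cd_magic != CSMAGIC_CODEDIRECTORY:
            raise ValueError("slot 0 does not hold a CodeDirectory")
        return flags
    raise ValueError("no CodeDirectory slot in signature")


def has_hardened_runtime(blob: bytes) -> bool:
    """True when the signature was produced with the hardened runtime enabled."""
    return bool(codedirectory_flags(blob) & CS_RUNTIME)


def make_sample(flags: int) -> bytes:
    """Constructed sample: a SuperBlob holding one minimal CodeDirectory header."""
    cd = struct.pack(">IIII", CSMAGIC_CODEDIRECTORY, 16, 0x20500, flags)
    index = struct.pack(">II", CSSLOT_CODEDIRECTORY, 20)  # 12-byte header + 8-byte index
    header = struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, 20 + len(cd), 1)
    return header + index + cd


if __name__ == "__main__":
    print(has_hardened_runtime(make_sample(CS_RUNTIME)))
    print(has_hardened_runtime(make_sample(0)))
```
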

ll78912 commented 3 months ago

Thanks!

ll78912 commented 3 months ago

@RangoW: I have tried to sign the .app file directly, but it is not working. Should we first sign all the executables within the .app file?