Draft: [macapp signer] Use hardned runtime (!38) · Merge requests · Sysadmin / CI Notary Service

Julius Künzel requested to merge jlskuz/ci-notary-service:work/mac-runtime into master Dec 12, 2023

Without this notarization fail

notary log>     {
notary log>       "architecture": "arm64",
notary log>       "code": null,
notary log>       "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724",
notary log>       "message": "The executable does not have the hardened runtime enabled.",
notary log>       "path": "original.dmg/kdenlive.app/Contents/MacOS/kdenlive",
notary log>       "severity": "error"
notary log>     },

https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724

I am not sure if the --code-signature-flags works recursively for app bundles as the rcodesign documentation is not very descriptive about it so I may have to bother you with several try-and-error iteration

Draft: [macapp signer] Use hardned runtime

Merge request reports