vercellop

Reputation: 563

Is the macOS Hardened Runtime a part of the OS SDK?

So we're preparing for Xcode updates for our application, as well as macOS SDK updates, and it's unclear to me if the use of the Hardened Runtime, required for notarization, is tied with which macOS SDK version you're using?

Where does the hardened runtime live, and how does a compiled application interact with it? Unclear if it's via language runtime libs (and therefore compiler / Xcode version), SDK, or something else.

Upvotes: 2

Views: 824

Answers (1)

TheDarkKnight

Reputation: 27611

Hardened runtime is applied during the code signing process. You can build an application without it and then, using the codesign command, sign with hardened runtime from the command line:

codesign --force --options runtime --deep --sign "Developer ID Application: COMPANYNAME" MYAPP.app

Note the runtime flag. The man page for codesign states for runtime:

On macOS versions >= 10.14.0, opts signed processes into a hardened runtime environment which includes runtime code signing enforcement, library validation, hard, kill, and debugging restrictions. These restrictions can be selectively relaxed via entitlements. Note: macOS versions older than 10.14.0 ignore the presence of this flag in the code signature.

Selecting the option for hardened runtime in Xcode will apply the runtime argument when Xcode performs the signing process for you.

Upvotes: 4
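To confirm that a signed bundle actually carries the option described in the answer above, the flags on the `CodeDirectory` line of `codesign -d -v` output can be checked for the runtime bit. The following is an added example, not part of the original answer: the function names are hypothetical, the sample outputs are constructed, and `0x10000` is assumed to be the `CS_RUNTIME` code-signing flag.

```shell
#!/bin/sh
# Added example: report whether a code signature opted into the hardened
# runtime, based on the flags printed by `codesign -d -v`.

CS_RUNTIME=0x10000   # assumed value of the CS_RUNTIME code-signing flag

# Read `codesign -d -v` output on stdin; print the flags value (e.g. 0x10000).
cd_flags() {
    sed -n 's/^CodeDirectory .*flags=\(0x[0-9A-Fa-f]*\).*/\1/p' | head -n 1
}

# Exit status: 0 = runtime bit set, 1 = signed without it,
# 2 = no CodeDirectory line found (unsigned or unparsable output).
has_hardened_runtime() {
    flags=$(cd_flags)
    [ -n "$flags" ] || return 2
    [ $(( $flags & $CS_RUNTIME )) -ne 0 ]
}

# macOS only: inspect a real bundle. codesign writes its details to stderr.
check_app() {
    codesign -d -v "$1" 2>&1 | has_hardened_runtime
}

# Constructed sample output for a bundle signed with --options runtime.
SAMPLE_HARDENED='Executable=/Applications/MYAPP.app/Contents/MacOS/MYAPP
Identifier=com.example.myapp
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Signature size=9000'

# Constructed sample output for a bundle signed without the option.
SAMPLE_PLAIN='Executable=/Applications/MYAPP.app/Contents/MacOS/MYAPP
Identifier=com.example.myapp
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x0(none) hashes=30+5 location=embedded
Signature size=9000'

# Constructed sample: ad hoc signature that also has the runtime bit set.
SAMPLE_ADHOC_RT='CodeDirectory v=20500 size=500 flags=0x10002(adhoc,runtime) hashes=8+3 location=embedded'

printf '%s\n' "$SAMPLE_HARDENED" | has_hardened_runtime && echo "hardened runtime: yes"
```

On a Mac, `check_app MYAPP.app` runs the same check against a real bundle after signing.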
