xcode ffmpeg executable code-signing notarize

Distribute app with Developer ID with Hardened Runtime and 3rd party CLI-executable - Code sign Error


When I tried to distribute my app with Developer ID from Xcode Organizer, I got this error:

Hardened Runtime is not enabled.

"ffmpeg" must be rebuilt with support for the Hardened Runtime. Enable the Hardened Runtime capability in the project editor, test your app, rebuild your archive, and upload again.

Hardened Runtime is enabled in Project > Signing & Capabilities.

My app has the FFmpeg CLI tool in its Resources folder.

Since FFmpeg is a compiled binary, I have no option to enable Hardened Runtime.

How can I solve this and have my app properly code signed?


Solution

  • Using this codesign guide I found how to code sign all included binaries (e.g. CLI tools like FFmpeg).

    Add a new Run Script Phase in Build Phases:

    codesign --force --options=runtime \
    --sign "${EXPANDED_CODE_SIGN_IDENTITY_NAME}" \
    "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Resources/ffmpeg"
    

    You can use this method for other locations/subpaths inside your app, e.g. /Contents/Frameworks/ etc. Just open your app package and watch the folder path.

    If you have several binaries, repeat the codesign command for each binary path.
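
The answer's last step (repeating the command for each binary) written as a loop for the Run Script phase; this is an added example, not part of the original answer. It signs each executable file in Contents/Resources and then confirms that `codesign` reports the `runtime` flag. The `CODESIGN` override variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sign every helper executable with the Hardened Runtime.
# CODESIGN is an assumed override hook (not an Xcode setting) so the logic
# can be exercised with a stub on a machine without macOS.
CODESIGN="${CODESIGN:-codesign}"

# True if the signature on $1 carries the Hardened Runtime flag. codesign
# prints details to stderr, e.g. "CodeDirectory ... flags=0x10000(runtime) ...".
has_hardened_runtime() {
    "$CODESIGN" --display --verbose "$1" 2>&1 |
        grep -Eq 'flags=0x[0-9a-f]+\(([^)]*,)?runtime[,)]'
}

# Sign each executable regular file directly inside directory $1 with
# identity $2, then check the flag. Prints the number of files signed.
# Assumes only helper tools in that directory have the executable bit set.
sign_helpers() {
    dir=$1 identity=$2 count=0
    [ -d "$dir" ] || { echo 0; return 0; }
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        "$CODESIGN" --force --options=runtime --sign "$identity" "$f" >&2 || return 1
        has_hardened_runtime "$f" || { echo "no runtime flag: $f" >&2; return 1; }
        count=$((count + 1))
    done
    echo "$count"
}

# Inside an Xcode Run Script phase these build settings are defined;
# anywhere else this block is skipped.
if [ -n "${BUILT_PRODUCTS_DIR:-}" ] && [ -n "${WRAPPER_NAME:-}" ]; then
    sign_helpers "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/Contents/Resources" \
        "${EXPANDED_CODE_SIGN_IDENTITY_NAME}" >/dev/null
fi
```

A failed signature or a missing `runtime` flag makes the phase exit non-zero, so the build stops before the archive reaches the Organizer.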