I am trying to notarize my .NET Core application to run on macOS devices, and when I notarize it I get the error:
The executable does not have the hardened runtime enabled
If I add the --options=runtime flag to my signing operation, my console app stops working. I found in the dotnet documentation that you have to add the following entitlements to your app host.
But I don't know where to add them. I tried adding an entitlements.plist file to my output directory with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.allow-jit</key>
  <true/>
  <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
  <true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key>
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
</dict>
</plist>
But it still failed. Is this something I have to add to the publish procedure?
The solution is to use the entitlements.plist when signing the code:
codesign --timestamp --sign "CERTNAME" FILENAME --options=runtime --no-strict --entitlements entitlements.plist
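To confirm that the entitlements ended up inside the signature rather than only in a file beside the binary, the following added example (not code from the question or the answer) audits the entitlements dumped from a signed binary against the four keys in the plist above. It assumes the dump was produced with `codesign -d --entitlements - --xml FILENAME` and saved to a file; the function name `audit_entitlements` and the sample inputs are constructed for illustration.

```python
import plistlib
import sys

# Hardened-runtime exceptions listed in the question's entitlements.plist.
REQUIRED = (
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.allow-dyld-environment-variables",
    "com.apple.security.cs.disable-library-validation",
)

# Constructed sample dumps (not real codesign output).
SAMPLE_SIGNED = plistlib.dumps({key: True for key in REQUIRED})
SAMPLE_PARTIAL = plistlib.dumps({
    "com.apple.security.cs.allow-jit": True,
    "com.apple.security.cs.allow-unsigned-executable-memory": False,
    "com.apple.security.cs.debugger": True,
})


def audit_entitlements(plist_bytes, required=REQUIRED):
    """Return {'missing': [...], 'extra': [...], 'ok': bool} for a dump.

    'missing' lists required keys that are absent or not true; 'extra' lists
    other com.apple.security.cs.* keys that are true (least-privilege check).
    """
    # An empty dump means no entitlements are embedded in the signature,
    # e.g. entitlements.plist was only copied to the output directory.
    if not plist_bytes.strip():
        return {"missing": list(required), "extra": [], "ok": False}
    try:
        data = plistlib.loads(plist_bytes)
    except Exception as exc:
        raise ValueError(f"not a valid property list: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("top-level plist object must be a dict")
    missing = [key for key in required if data.get(key) is not True]
    extra = sorted(
        key for key, value in data.items()
        if key.startswith("com.apple.security.cs.")
        and value is True and key not in required
    )
    return {"missing": missing, "extra": extra, "ok": not missing and not extra}


if __name__ == "__main__":
    # Pass the saved dump as the first argument; falls back to a sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PARTIAL
    result = audit_entitlements(raw)
    print(result)
    sys.exit(0 if result["ok"] else 1)
```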