I'm encountering a peculiar issue with my macOS installer application when hardened runtime is enabled (--options runtime) during code signing, and I'm hoping to get some guidance on how to resolve it.
Issue Description: My installer application is designed to prompt users for system credentials upon launch. After entering the correct credentials and clicking "OK", users should see the next screen to proceed with the installation process. However, with hardened runtime enabled, the application stops responding after the credential entry step. The next screen, where users should proceed with installation, does not appear. If I codesign without using hardened runtime, my installer works fine. However, it then fails during notarization.
What I've Tried:
- I have reviewed Apple's documentation on hardened runtime and notarization to ensure I'm following best practices.
- I've checked the Console logs for any relevant error messages or warnings, but haven't found any conclusive information.
Additional Information:
- The application is an installer built using BitRock InstallBuilder.
- It relies on prompting users for system credentials using standard macOS authentication mechanisms.
- Initially the installer is in tar.gz format, which I extract to get the .app file. This file is codesigned. Next I create a .dmg of the codesigned .app and codesign the .dmg before sending it for notarization.
Request for Assistance: I'm seeking guidance on how to address this issue with my installer application not proceeding after credential entry when hardened runtime is enabled. Are there any specific configurations, entitlements, or best practices that I might be missing? Or are there alternative approaches I should consider to ensure compatibility while still meeting Apple's security requirements for notarization?
Any insights or advice from your experiences would be greatly appreciated. Thank you in advance for your help!
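The pipeline the post describes (sign the .app with the hardened runtime, wrap it in a DMG, sign the DMG, notarize), written out as an added example that is not part of the original post and not InstallBuilder's own tooling. It adds the inspection steps a practitioner wants when an app behaves differently only under the hardened runtime: signing nested code inside-out instead of with --deep, printing the entitlements and the runtime flag that actually ended up in the signature, and pulling the runtime's refusals out of the unified log, where Console's default filters can hide them. The entitlement keys in the plist are candidates to test one at a time, not a diagnosis of this installer; the app name, signing identity, keychain profile and file names are hypothetical. DRY_RUN=1 prints the commands instead of running them, so the script can also be exercised away from a Mac.

```shell
#!/bin/sh
# Added example (not from the original post or InstallBuilder): hardened-runtime
# signing pipeline for an installer .app, plus inspection helpers.
# Hypothetical names: MyInstaller.app, "Developer ID Application: Example Corp
# (TEAMID)", keychain profile "notary-profile", installer.entitlements.
set -eu

APP="${APP:-MyInstaller.app}"
IDENTITY="${IDENTITY:-Developer ID Application: Example Corp (TEAMID)}"
ENTITLEMENTS="${ENTITLEMENTS:-installer.entitlements}"
DMG="${DMG:-MyInstaller.dmg}"
PROFILE="${PROFILE:-notary-profile}"

# DRY_RUN=1 prints each command instead of executing it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Entitlements relax the hardened runtime, so each key is a deliberate
# weakening. Start from an empty <dict/>, add one key, re-test, repeat.
# disable-library-validation: library validation refuses to load code not
# signed by your Team ID, which bites apps that bundle third-party
# frameworks (Tcl/Tk, Qt, ...). Re-signing the nested code yourself
# (sign_nested) is the stronger fix; use the key only if that is not enough.
# automation.apple-events: needed only if the credential prompt is driven
# through Apple events (e.g. osascript "with administrator privileges").
write_entitlements() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
  <!-- candidate, only if the prompt uses Apple events:
  <key>com.apple.security.automation.apple-events</key>
  <true/> -->
</dict>
</plist>
EOF
}

# Sign nested Mach-O code first (helpers, dylibs, then framework bundles),
# each with --options runtime; notarization rejects any executable that
# lacks the runtime flag, and --deep cannot apply it per binary reliably.
sign_nested() {
  exe=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleExecutable' "$1/Contents/Info.plist")
  find "$1/Contents" -type f ! -path "*.framework/*" ! -path "$1/Contents/MacOS/$exe" \
    | while IFS= read -r f; do
        if file -b "$f" | grep -q 'Mach-O'; then
          run codesign --force --options runtime --timestamp --sign "$IDENTITY" "$f"
        fi
      done
  for fw in "$1"/Contents/Frameworks/*.framework; do
    if [ -d "$fw" ]; then
      run codesign --force --options runtime --timestamp --sign "$IDENTITY" "$fw"
    fi
  done
}

# Outermost bundle last; this is where the entitlements are applied.
sign_app() {
  run codesign --force --options runtime --timestamp \
    --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$1"
}

# Check what actually went into the signature: the seal over nested code,
# the embedded entitlements, and "flags=0x10000(runtime)" on the CodeDirectory.
inspect_app() {
  run codesign --verify --deep --strict --verbose=2 "$1"
  run codesign -d --entitlements - "$1"
  run codesign -dvv "$1"
  run spctl --assess --type execute --verbose "$1"
}

make_dmg() {
  run hdiutil create -volname "$(basename "$1" .app)" -srcfolder "$1" -ov -format UDZO "$2"
  run codesign --force --timestamp --sign "$IDENTITY" "$2"
}

# On rejection, `xcrun notarytool log <id> --keychain-profile "$PROFILE"`
# names every offending file and the option or entitlement it lacks.
notarize() {
  run xcrun notarytool submit "$1" --keychain-profile "$PROFILE" --wait
  run xcrun stapler staple "$1"
}

# Reproduce the hang, then run this: hardened-runtime denials are logged by
# the kernel (AMFI / Library Validation), not by the app itself.
show_runtime_denials() {
  run log show --last 5m \
    --predicate 'eventMessage CONTAINS "Library Validation" OR eventMessage CONTAINS "AMFI"'
}

release() {
  write_entitlements "$ENTITLEMENTS"
  sign_nested "$APP"
  sign_app "$APP"
  inspect_app "$APP"
  make_dmg "$APP" "$DMG"
  notarize "$DMG"
}

case "${1:-}" in
  release) release ;;
  denials) show_runtime_denials ;;
esac
```

Run `sh sign.sh release` on the build Mac, launch the signed app, reproduce the hang, then `sh sign.sh denials`; a "Library Validation failed ... Team IDs did not match" line points at a nested binary that still carries someone else's signature, which is fixed by signing it yourself rather than by disabling library validation.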