Notarizing a DMG bundling a complete Perl environment

...and some more simple command line utilities. I've code signed all executables and binary libraries I could find. This has got rid of most errors already.

Now I'm struggling with the "hardened runtime" requirements. I understand I can somehow add entitlements - but have no clue how to do that, and what to add. Somewhere there was reference to PCRE - I don't think Perl uses that itself, but certainly does deal with regexes a lot. How would I add e.g. the JIT entitlement (if that was required)? Most documents refer to .mobileprovision files or similar - but I'm dealing with a desktop application.

And as all of this is rather non-standard, we don't use Xcode at all. So I wouldn't even know how to use Xcode to create a profile for an app which is managed completely "outside" of a normal macOS development environment.

Building a notarized Perl app on a Mac using the command line? You're kind of fighting the whole world at once there, eh? 😄

In addition to the hardened runtime, you'll need some entitlements to relax said hardened runtime. Put those in an XML file and use the "--entitlements" flag with "codesign".

Make sure to completely test your installation with all kinds of funky edge cases. In addition to all the up-front notarization checks, there are certain checks that happen only at runtime, or only at runtime when you try to trigger something like dynamic loading or JIT execution. That is the part that trips up most people in your situation who get that far.

I don't know which entitlements Perl will require - most likely all of them.
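The entitlements file and `--entitlements` flag mentioned in the reply above, sketched as an added example that is not part of the original thread. The signing identity, the directory path and the choice of `com.apple.security.cs.allow-jit` (the JIT entitlement the question asks about) are assumptions; which keys a given Perl build needs is not established here.

```shell
#!/bin/sh
# Added example. Assumed usage (identity and paths are placeholders):
#   write_entitlements perl.entitlements com.apple.security.cs.allow-jit
#   sign_tree ./perl-env perl.entitlements "Developer ID Application: EXAMPLE (TEAMID)"
#   show_entitlements ./perl-env/bin/perl

# Write an entitlements plist to $1 that sets every key in $2.. to true.
write_entitlements() {
    out=$1; shift
    {
        printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>'
        printf '%s\n' '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">'
        printf '%s\n' '<plist version="1.0">' '<dict>'
        for key in "$@"; do
            printf '    <key>%s</key>\n    <true/>\n' "$key"
        done
        printf '%s\n' '</dict>' '</plist>'
    } > "$out"
}

# Sign every Mach-O file under $1 with the hardened runtime and a secure
# timestamp. Entitlements ($2) are attached only to main executables, since
# they are read from the executable that starts the process; libraries and
# loadable bundles are signed without them. $3 is the signing identity.
sign_tree() {
    find "$1" -type f | while IFS= read -r f; do
        kind=$(file -b "$f")
        case $kind in
            *Mach-O*executable*)
                codesign --force --timestamp --options runtime \
                    --entitlements "$2" --sign "$3" "$f" || exit 1 ;;
            *Mach-O*)
                codesign --force --timestamp --options runtime \
                    --sign "$3" "$f" || exit 1 ;;
        esac
    done
}

# Print the entitlements actually embedded in a signed binary.
show_entitlements() {
    codesign --display --entitlements - "$1"
}
```

Granting one key, testing at runtime, and adding another only when a specific load or JIT failure shows it is needed keeps the hardened runtime as intact as the application allows.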
