[Interest] Fw: Aw: Re: codesign issue with Qt6.9.1

alexander_carot at gmx.net alexander_carot at gmx.net
Fri Oct 3 15:10:40 CEST 2025


Hej Robert and Hamish,
>>Hamish correctly (as always) suggested you to add:
>>-hardened-runtime to macdeployqt

Since he phrased it rather as a question:

>>Do you need to add -hardened-runtime to macdeployqt? It seems to be equivalent to --options=runtime. There is also -sign-for-notarization=<ident>. I'm not sure of the use of this.
I had thought I need to further investigate this and did not understand the suggestion as you wrote above – my fault !

Thus, I now simply added -hardened-runtime and indeed it did the job :-)

With this knowledge I also post-signed my existing entitlements via


codesign --options=runtime --entitlements ./deployment/entitlements.xml --force  ./my.app -s "Developer ID"

and it was also signed and notarised just fine.

>>That could resolve your issue with notarization.

It absolutely did and thanks a lot to Hamish and you !

Best

Alex


Sent from Outlook for Mac

From: coroberti <coroberti at gmail.com>
Date: Friday, 3 October 2025 at 14:38
To: alexander_carot at gmx.net <alexander_carot at gmx.net>
Cc: Nelson, Michael <michael.nelson at otthydromet.com>, interest at qt-project.org <interest at qt-project.org>
Subject: Re: [Interest] Fw: Aw: Re: codesign issue with Qt6.9.1


On Fri, Oct 3, 2025 at 3:31 PM alexander_carot--- via Interest <interest at qt-project.org> wrote:
Hej Michael and all,

thanks for the feedback in this context !

>> I just ran into similar using 6.9.3. I too moved signing out of separate step with “--deep” enabled and into
>>macdeployqt6 without the deep option. This enabled me to successfully notarize

After updating to Qt6.10.0 I just tried the same with *only* running

macdeployqt6 my.app

and then checked it via:


codesign --verify --deep --strict --verbose=2 ./my.app

leading to:

./my.app: valid on disk
./my.app: satisfies its Designated Requirement

but then notarising it via:


xcrun notarytool submit app.zip --keychain-profile myProfile --wait

leads to:

status: Invalid

In fact I received a couple of private mails with suggestions for further action and workarounds but is this really the way the process should be ?

Best

Alex



Dear Alex,
Hamish correctly (as always) suggested you to add:

-hardened-runtime to macdeployqt

That could resolve your issue with notarization.

Kind regards,
Robert Iakobashvili
............................
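
An added example, not part of the thread and not code from Qt or Apple: `codesign --verify` reports on signature validity, whereas the hardened runtime flag that `-hardened-runtime` / `--options=runtime` sets appears in the `CodeDirectory` line printed by `codesign -d --verbose=4`, so it can be checked before submitting to `notarytool`. The function names and the two sample outputs below are constructed for illustration.

```shell
#!/bin/sh
# Pre-notarization check: does a signature carry the hardened runtime flag?
# Input on stdin: the text printed by `codesign -d --verbose=4 <path>`
# (codesign writes that text to stderr, hence the 2>&1 in the usage line).

# Print the flag names from the CodeDirectory line, e.g. "none" or "runtime".
cd_flags() {
    sed -n 's/^CodeDirectory .*flags=0x[0-9A-Fa-f]*(\([^)]*\)).*/\1/p' | head -n 1
}

# Return 0 if "runtime" is among the comma-separated flags, 1 otherwise.
has_hardened_runtime() {
    flags=$(cd_flags)
    case ",$flags," in
        *,runtime,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: signed without the hardened runtime.
SAMPLE_PLAIN='Executable=/tmp/my.app/Contents/MacOS/my
Identifier=com.example.my
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=1234 flags=0x0(none) hashes=30+7 location=embedded'

# Constructed sample: signed with the hardened runtime enabled.
SAMPLE_HARDENED='Executable=/tmp/my.app/Contents/MacOS/my
Identifier=com.example.my
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded'

# Usage on macOS (bundle path is an assumption):
#   codesign -d --verbose=4 ./my.app 2>&1 | has_hardened_runtime \
#       || echo "hardened runtime missing: re-sign before notarytool submit"
```

The check covers only the item whose output is piped in; nested frameworks and plugins inside the bundle each carry their own `CodeDirectory` flags.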

