From 8d91e1e680d322bdcc4852107ed7eb8e8c3e74ad Mon Sep 17 00:00:00 2001 From: SeongTae Jeong Date: Wed, 6 Dec 2023 11:22:53 +0900 Subject: [PATCH] build(macos): Disable 'Hardend Runtime' security option (#3357) Turn off the 'Hardend Runtime' security option to allow users to load external libraries (signed with a different team id or unsigned). But in this case Apple does not allow notarization. So GateKeeper will block the execution. Reference: https://developer.apple.com/documentation/security/hardened_runtime https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/web Resolve: #3357
---
 .github/actions/notarize-macos/action.yml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/.github/actions/notarize-macos/action.yml b/.github/actions/notarize-macos/action.yml
index b5689a542..475f7936e 100644
--- a/.github/actions/notarize-macos/action.yml
+++ b/.github/actions/notarize-macos/action.yml
@@ -107,7 +107,7 @@ runs:
 codesign --sign "${{ inputs.DEV_ID }}" --deep --force --options=runtime --strict --timestamp "$TARGET/Contents/Extensions/fileio.dylib"
 codesign --sign "${{ inputs.DEV_ID }}" --deep --force --options=runtime --strict --timestamp "$TARGET/Contents/Extensions/formats.dylib"
 codesign --sign "${{ inputs.DEV_ID }}" --deep --force --options=runtime --strict --timestamp "$TARGET/Contents/Extensions/math.dylib"
- codesign --sign "${{ inputs.DEV_ID }}" --deep --force --options=runtime --strict --timestamp "$TARGET"
+ codesign --sign "${{ inputs.DEV_ID }}" --deep --force --strict --timestamp "$TARGET"
 done
 - name: Move app bundle to installer folder for DMG creation
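Review bot: Dropping `--options=runtime` from the final `codesign … "$TARGET"` line turns off every hardened-runtime protection for the app, not only library validation, and it is what forces the notarization steps to be removed later in this patch. A narrower way to let users load libraries signed by another team or unsigned is to keep the flag and sign with an entitlements file that sets `com.apple.security.cs.disable-library-validation` to true: `codesign --sign "${{ inputs.DEV_ID }}" --deep --force --options=runtime --entitlements "<ENTITLEMENTS_PLIST_PATH placeholder>" --strict --timestamp "$TARGET"`. That should keep the bundle notarizable, so Gatekeeper does not block it. The three `Extensions/*.dylib` lines above still pass `--options=runtime`, so the signing options are now inconsistent within the loop; the loop itself starts outside the hunk.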
@@ -144,13 +144,6 @@ runs:
 appdmg --quiet installer/macos/nightly.json "$TARGET"
 fi
- codesign --sign "${{ inputs.DEV_ID }}" --verbose --options=runtime --timestamp "$TARGET"
+ codesign --sign "${{ inputs.DEV_ID }}" --verbose --timestamp "$TARGET"
 codesign -vvv --deep --strict --verbose=4 "$TARGET"
- - name: Notarize the dmg
- shell: bash
- run: xcrun notarytool submit *.dmg --apple-id "${{ inputs.APPLE_ID }}" --password "${{ inputs.APPLE_PW }}" --team-id "${{ inputs.TEAM_ID }}" --wait
-
- - name: Staple the notarization ticket
- shell: bash
- run: xcrun stapler staple *.dmg
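Review bot: With the `Notarize the dmg` and `Staple the notarization ticket` steps removed, nothing in this hunk uses `inputs.APPLE_ID`, `inputs.APPLE_PW` or `inputs.TEAM_ID` any more, yet the action presumably still declares them and callers still pass those secrets (the `inputs:` section is outside the hunk, so confirm). Drop the unused inputs and the matching secrets from the calling workflows so the Apple ID password is no longer handed to a job that does not need it. Because the action is still named `notarize-macos`, add a comment above the DMG signing line, for example `# DMG is signed but not notarized: hardened runtime is off, see #3357`, so a reader does not assume the artifact passes Gatekeeper. The remaining `codesign -vvv --deep --strict` call verifies only the signature, not notarization status.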