Re: Puzzle with Hardened Runtime entitlement
The Notarization process is recursive, in that it works its way down the application structure and checks each part as it goes. If you have applications embedded in your app it will check those, and will give you a report for them as well as the top app. Your report shows the top level app being rejected, not something embedded inside. This assumes the Ortelius 2.app is not embedded inside uninstaller program. In our case, we do embed inside an installer, and have several apps embedded in our overall package, so our notarization reports tend to be extensive, with entries for each subpart.toggle quoted messageShow quoted text
In our case, because of how we build the applications (we have about 7 that had to be Notarized), we use the command line method for both signing and notarization. Hardened Runtime is part of the code sign process; I don’t remember it adding an entitlement file to our apps (although it could. I’ll have to check). In any case, we are not currently adding hardened runtime because one of the embedded apps (from a third-party developer) was not properly signed. As I noted before, hardened runtime is not a current Notarization requirement, although Notarizing through Xcode still causes it to be required.
I wonder if your application code signing is being redone, removing the hardened runtime that was previously performed.