Swift package executable with hardened runtime

I have a command-line tool built from a swift package with an executable target that I need to include in a macOS app. When I attempt to notarize the macOS app, I get an error about the command-line tool needing hardened runtime.

If I run the deprecated swift package generate-xcodeproj to build an Xcode project, the project is automatically set up to build with hardened runtime. However, it appears that if you edit Package.swift you need to regenerate the Xcode project. Is there any way to build with hardened runtime without Xcode? I've seen a few examples of including build flags using -Xswiftc or -Xlinker but it's not clear how you'd use those to set ENABLE_HARDENED_RUNTIME to yes.

Jim

The hardened runtime is controlled by a code signing flag. Specifically, you pass -o runtime to codesign. I’m not sure how to configure SPM to set that.

Share and Enjoy

Quinn “The Eskimo!” @ DTS @ Apple

1 Like

Thanks! I should have known that, I have a pretty detailed code signing script for a different app that uses that flag.

I haven't been able to configure Xcode to build and embed the command line tool into the main app while still archiving only the main app, so for proper integration I'll have to set up a run script and integrating code signing shouldn't be a problem.

Update: Using a run script phase to sign and embed the executable generated by the SPM package was easy and integrates cleanly into the main app project.

2 Likes