cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
oversampled
Level 3

MacOS 10.15 Notarization of FNE Clients will require library update.

An update to the FNE libraries is urgently required to address the Apple notarization requirements.

Currently the 2019.11 libraries are built using OSX SDK 10.8.  It is a requirement for notarization that all libraries are built using SDK10.9 or later.

It would be reassuring to hear some news about this.

 

 

(7) Replies
tphamda
Revenera
Revenera

We apologize for the late reply due to the holiday period. Our engineers are aware of this issue with notarization and are working on a solution. However, we do not have any additional details to provide at this time. 

Hello,

we have the same issue and need the signed libs, since apple will reject unnotarized applications on 10.14 with the start of february; unless you disable it in gatekeeper.

 

Best Regards

 

0 Kudos
stevebaxter
Level 3

This is now an emergency. As of yesterday, Apple are now enforcing their notarisation rules, and the FNE libraries don't meet the requirements. This means that we are no longer able to ship any products that use FNE.

    {
      "severity": "error",
      "path": "xxx/Versions/A/Frameworks/libFlxCore.2017.02.dylib",
      "message": "The signature algorithm used is too weak.",
      "docUrl": null,
      "architecture": "i386"
    },
    {
      "severity": "error",
      "path": "xxx/Versions/A/Frameworks/libFlxCore.2017.02.dylib",
      "message": "The binary uses an SDK older than the 10.9 SDK.",
      "docUrl": null,
      "architecture": "i386"
    },

Please can you tell us when an update will be available?

Cheers,

Steve

0 Kudos

This is already fixed in our latest version of toolkit. Please check below community link to know more on this.

https://community.flexera.com/t5/FlexNet-Embedded-News/FlexNet-Embedded-2019-R2-SP2-Release/ba-p/131250

Unfortunately it looks like though the 2020.01 Flexera libraries are now signed, they are incompatible with Apple's "hardened runtime" because of the way they load their dynamic libraries:

https://developer.apple.com/documentation/security/hardened_runtime_entitlements?language=objc

To work around this, I think we need to add the "com.apple.security.cs.disable-library-validation" entitlement to our application. Obviously this weakens the hardened runtime protections though!

dekumar - any plans to improve this?

0 Kudos
Mx-Andy
Level 2

Hello,

we still have an issue with the notarization. The updated Flexera libraries helped us to pass Apples notarization process, but unfortunately the libraries are not loaded during runtime.

We were wondering what might be the reason for this.

Where is the corect place to put the dylibs in the app package? Currently we have put them to Contents/Resources, but we assume Contents/Frameworks would be more accurate. Yet they are not loaded, if we put them there.

Does anyone have a similar problem? How do you tell your application, where to look for the FNE dylib files? Did we miss something?

Is there a guide how to proper launch your application with Flexera?

Thanks

0 Kudos

We had to add the "com.apple.security.cs.disable-library-validation" entitlement to our app as Flexera loads the libraries programatically. Have you added this?

Cheers,

Steve