« Currency Data Type | Home | Xojo Developer Magazi… »

FileMaker Runtimes and hardened MacOS runtime

For Mac applications, there are two runtime modes they can use. The older one left for compatibility to older applications and the newer with enhanced security features. The hardened runtime checks code signatures and kills the application if unsigned code is detected. This makes hacking the application more difficult and provides better security.

The hardened runtime is required to notarize the application, which itself is required for application distribution to the upcoming MacOS 10.15 Catalina release to avoid annoying gate keeper dialogs. Some of those show already in MacOS 10.14.6, so we notarize our plugin downloads already.

See also Hardened Runtime Entitlements, Code Signing Services and Notarizing Your App Before Distribution on Apple website.

Since version 18.0.2 the FileMaker Pro Advanced application uses hardened runtime, which changes a few things. If you build a runtime and run it, you may see a crash report immediately reporting a broken signature:

Process:       Runtime [29749]
Path:         /Users/USER/Desktop/*/Untitled.app/Contents/MacOS/Runtime
Identifier:      com.filemaker.client.runtime12.Untitled
Version:       ???
Code Type:      X86-64 (Native)
Parent Process:    ??? [1]
Responsible:     Runtime [29749]
User ID:       501
 
Date/Time:      2019-09-02 12:42:16.313 +1000
OS Version:      Mac OS X 10.14.6 (18G95)
Report Version:    12
Anonymous UUID:    CF5AE25A-02E7-220E-59C8-7DBB94C49A74
 
 
Time Awake Since Boot: 340000 seconds
 
System Integrity Protection: enabled
 
Crashed Thread:    0
 
Exception Type:    EXC_CRASH (Code Signature Invalid)
Exception Codes:   0x0000000000000000, 0x0000000000000000
Exception Note:    EXC_CORPSE_NOTIFY
 
Termination Reason:  Namespace CODESIGNING, Code 0x1


The reason is simple. The runtime template application is code signed by FileMaker Inc. as this is a requirement to include it with a notarized download. But when building the runtime, this app is copied and modified. This breaks the code signature. You can remove the code signature to just run the runtime again with the following terminal command:

codesign --remove-signature /Users/cs/Desktop/test/test.app


Just paste "codesign --remove-signature " into Terminal window and drop the application on the terminal window to get the path entered. Press return to run the command. Now the runtime works on your computer.

To distribute the runtime to end users, you will need to
  • Become a paid Apple Developer member ($99 per year)
  • Create your codes signature certificate on the Apple website and install in keychain
  • Code sign your runtime app (see script included with MBS Plugin download and blog article)
  • Build a disk image
  • Notarize your application (see blog article)

Optionally you can use App Wrapper application to help you doing those steps via GUI.

PS: Don't forget that runtimes are deprecated for years and may go away in future FileMaker releases. Please consider joining SBA program from Claris, so you can offer FileMaker Pro and Server bundled with your application with reduced license prices.
03 09 19 - 09:36