您必须打开 tar ， zip 或 jar 的包装>文件，对所有有错误的文件进行代码签名，然后重新打包。

You have to unpack your tar, zip or jar file, codesign all the files that have errors and repackage them.

只需检查日志并对所有错误进行代码签名，然后对整个应用程序进行签名。
对我来说，我使用以下两个命令。

Just go through the logs and codesign all of them with errors, and then sign the app as a whole. For me, I use the following two commands.

find ./MyApp -type f \
 -exec codesign --timestamp \
 --keychain /Users/builduser/Library/Keychains/login.keychain-db \
 -s 'Developer ID Application: XXXXXXXX' -f --verbose=9 --deep \
 --options=runtime --entitlements entitlements.xml {} +

然后签名应用

codesign --timestamp \
 --keychain /Users/builduser/Library/Keychains/login.keychain-db \
 -s 'Developer ID Application: XXXXXXXX' -f --verbose=9 --deep \
 --options=runtime --entitlements entitlements.xml MyApp

您必须使用-options = runtime运行代码签名。
这是指南。

如果您正在构建Java应用程序，这些链接也可能会有所帮助：

If you are building Java apps, these links might also be helpful: How to build MacOS app with hardened runtime in AppBundler

https://bitbucket.org/infinitekind/appbundler/issues/ 39 / build-with-hardened-runtime