For testing I moved our "universal" (iOS, macOS, tvOS, watchOS) xcframework from one Mac to another for testing, and encountered this issue when testing the macOS slice: not valid for use in process using Library Validation: library load disallowed by system policy and “X.framework” can’t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. It appears that the xcframework needs to be notarized. However, the WWDC on notarization talks about enabling Hardened Runtime. Our xcframework projects don't seem to have Hardened Runtime as an option. Is it not needed? And what roughly is the process of notarizing an xcframework? If I take all I've listened to about notarization from WWDC videos (keeping in mind the term xcframework I did not hear occur once) it sounds like I should be zip archiving the xcframework using ditto with some special parameters, sending it off to get notarized, and then stapling the result to the original xcframework. Is that essentially correct? Is there more documentation on notarization of xcframeworks somewhere?

In WWDC 2020 an example was given that you could use a command like the following: $ swift package compute-checksum some.xcframework.zip and it would return a checksum that you can use in a Swift Package. When I zip my xcframework and run this command from the command line I get: error: root manifest not found What am I doing wrong?