Catalina’s GateKeeper has gotten stricter. Apps need to be “notarized”
by Apple, which in turn requires the “Hardened Runtime” to be enabled,
which in turn checks to make sure all libraries and plugins are signed
by the same developer (by default).
I don’t have enough information about your specific problem, but in
general your best solution is to:
1. Make sure all your libraries/frameworks/plugins are properly
   codesigned with the same key you sign your app with. Enable the
   hardened runtime when signing your app. Notarize.
2. Alternatively, if just for testing or for you & your friends, you
   can ignore all code signing. Don’t enable the hardened runtime.
3. Or if you really need SDL.framework to be signed differently than
   you and need the hardened runtime, you need to add the
   com.apple.security.cs.disable-library-validation entitlement for the
   codesigning phase.
I don’t remember if the prebuilt framework is signed by libSDL.org. If
it is, you should try stripping the signature. (Or building
SDL.framework yourself.)
This command will show a bunch of signature info if it is signed:

    codesign --verbose=4 --display SDL2.framework

This undocumented command will strip the signature (but it is
undocumented so it might be buggy):

    codesign --remove-signature SDL2.framework
I had problems with stripping the signature a year or two ago. But I
recently tried it again and it seemed to work for me. So I’m thinking
the tool is buggy and/or Apple fixed it in a more recent version.
SDL_mixer may have dylibs or frameworks bundled inside of it, such as
decoder helper libs like libmpg123 or Ogg and Vorbis. These also have
to be signed with your same certificate.
Try signing all those embedded libraries in SDL_mixer and then sign SDL_mixer.
Or you could try signing SDL_mixer with the following flags to
automatically try to get the whole thing signed:
Using the --deep flag for codesign usually will recursively get
everything signed.
Using the --force flag for codesign will usually overwrite any prior
code signature that was there.
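
The inside-out order suggested above (sign the libraries embedded in SDL_mixer, then SDL_mixer itself), written out as an added example that is not part of the original post. The identity string is a placeholder, `DRY_RUN` and the function names are made up for this example, and only `.dylib` files and `.framework` directories are treated as nested code.

```shell
#!/bin/sh
# Added example: sign nested code deepest-first, then the outer bundle.
# IDENTITY is a placeholder; use the name of your own signing certificate.
IDENTITY="${IDENTITY:-Developer ID Application: Example Name (TEAMID)}"
# DRY_RUN=1 prints the codesign commands instead of running them.
DRY_RUN="${DRY_RUN:-0}"

# Print every nested dylib/framework under $1, deepest path first, so inner
# code is sealed before the bundle containing it. Symlinks such as
# Versions/Current are not followed, so each item is listed once.
# Assumes paths contain no tabs or newlines.
nested_code() {
    find "$1" -mindepth 1 \( -type f -name '*.dylib' -o -type d -name '*.framework' \) |
        awk '{ print gsub("/", "/") "\t" $0 }' | sort -rn | cut -f2-
}

# Sign one item with the same identity as the app.
# --force replaces any existing signature, --options runtime enables the
# hardened runtime, --timestamp requests a secure timestamp for notarization.
sign_one() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'codesign --force --options runtime --timestamp --sign %s %s\n' "$IDENTITY" "$1"
    else
        codesign --force --options runtime --timestamp --sign "$IDENTITY" "$1"
    fi
}

# Sign everything nested in $1, then $1 itself, then verify the result.
sign_inside_out() {
    nested_code "$1" | while IFS= read -r item; do
        sign_one "$item" || exit 1      # stop at the first failure
    done || return 1
    sign_one "$1" || return 1
    [ "$DRY_RUN" = 1 ] || codesign --verify --strict --verbose=2 "$1"
}

# Example: DRY_RUN=1 sh sign.sh SDL2_mixer.framework
if [ $# -gt 0 ]; then
    sign_inside_out "$1"
fi
```

Running it with `DRY_RUN=1` first shows the signing order without touching any signature.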