Notarization

RSS for tag

Notarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.

Posts under Notarization tag

125 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

Notarisation Resources
IMPORTANT altool is deprecated for the purposes of notarisation and will stop working on 1 Nov 2023 [1]. If you’re currently notarising with altool, switch to notarytool now. For specific advice on how to do this, see TN3147 Migrating to the latest notarization tool. General: DevForums tag: Notarization WWDC 2018 Session 702 Your Apps and the Future of macOS Security WWDC 2019 Session 703 All About Notarization WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API Notarizing macOS Software Before Distribution documentation Customizing the Notarization Workflow documentation Resolving Common Notarization Issues documentation Notary REST API documentation TN3147 Migrating to the latest notarization tool technote Fetching the Notary Log DevForums post Q&A with the Mac notary service team Developer > News post Notarisation and the macOS 10.9 SDK DevForums post Testing a Notarised Product DevForums post Notarisation Fundamentals DevForums post The Pros and Cons of Stapling DevForums post Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" [1] See Apple notary service update.
0
0
1.9k
Mar ’24
xcrun notarytool store-credentials -> HTTP status code: 401. Invalid credentials error
Hi, I am getting following error from following command, although I am 100% sure that I am entering the right credentials: Command: xcrun notarytool store-credentials "MY_PROFILE" --apple-id “***” --team-id "yyy" --password "zzz" Error: Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. ***->https://appleid.apple.com/account/manage/email and phone number -> apple id email (email address used for developer account) yyy->https://developer.apple.com/account#MembershipDetailsCard/Team ID -> 10 digit nummer zzz->https://appleid.apple.com/account/manage/App-Specific Passwords created and used I just copy pasted every single item from the defined locations above. I would appreciate for an answer. Best Regards
2
0
133
4d
Inquiry About Using notarytool on a Separate Machine for Notarizing macOS Apps
Hello, I am currently developing a macOS application using macOS 10.15.7 and Xcode 11.1. My application is distributed directly to users via a server, not through the App Store. I recently came across the following announcement: "Starting November 1, 2023, the Apple notary service no longer accepts uploads from altool or Xcode 13 or earlier. If you notarize your Mac software with the Apple notary service using the altool command-line utility or Xcode 13 or earlier, you need to transition to the notarytool command-line utility or upgrade to Xcode 14 or later." Given this change, I understand that I need to use notarytool or upgrade to Xcode 14 or later for notarization. However, upgrading my current development environment is not feasible at the moment. I would like to know if it is possible to build my application on my current environment (macOS 10.15.7 and Xcode 11.1) and then transfer the built application to a separate machine running macOS 11.0 or later with Xcode 14 or later installed, to perform the notarization using notarytool. Could you please confirm if this approach is acceptable and if there are any specific steps or considerations I should be aware of when using notarytool on a separate machine for notarizing my application? Thank you for your assistance. Best regards, WJohn
1
0
102
6d
Agreed to legal agreements but still get "required agreement is missing or has expired"
We've been notarizing apps for a while now and have been through agreement changes before. But we still keep getting the following error when trying to notarize: Conducting pre-submission checks for myapp.dmg and initiating connection to the Apple notary service... Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired. We've been through every document in our account to ensure it is signed. Is there any way to determine what document is not signed or what our issue is ? ...thanks
1
0
225
1w
Notarization submissions stuck on 'In Progress'
Good day, I'm trying to get my app notarized, so I can distribute it, but my submissions get stuck on 'In Progess'. On the 20th of June I made several submissions which seems to have disappeared. When I do 'xcrun notarytool history' they are not there anymore. On the 21th Of June I made 2 new submission attempts with ids d68ca68e-ddfb-42c2-a491-0b24ac6efdc2 and 5f0118c9-0edd-4213-827b-a2ff53e40f27, which had been running for several hours last time I checked on the the 21th, but have also disappeared over the weekend from my history. I checked the app with the steps described here: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues, but all the checks were fine. Since there is no error message or log, I have no clue why my submissions get stuck on 'In Progress' or disappear. I've just submitted a new attempt with id 23a39a69-79a8-435c-a500-17ce1422c1fc and again it's stuck. Can anybody give any assistance?
0
0
195
2w
Gatekeeper blocks command line tool after signing and notarization
I have signed and notarized a single executable file command line tool developed outside Xcode, and distributed outside of the App store by way of a download from a website as follows below, but nevertheless gatekeeper blocks running the tool with the usual message, just like without signing or notarization. If I remove the com.apple.quarantine xattr, the tool runs as it should without gatekeeper interference, as expected. I have browsed countless posts here, with similar issues, but in the end I can't find what's wrong with the process. From what I gather, as long as the target Mac is connected to the Internet, stapling should not be required (I do understand I can't staple a single file executable command line tool), although Gatekeeper would be expected to complain in the case of the first run being done without Internet connection. The certificate is a "Developer Id Application" certificate, installed and valid on the machine doing the signing. It is unclear to me what the distinction is between "Developer Id Application" and "Developer Id Installer" certificates, but it's confusing that using -t install with spctl will actually accept the app. The app is open source and available on GitHub (although the full distribution packaging is done in a separate build environment with some additional logic). The app used below as the target for signing and notarization is available to download from https://www.axantum.com/ in a .tar.gz archive. Here follows a log of commands and output: XecretsCli.plist: (This was necessary to add to the signing to avoid corruption of the executable by the code signing) codesign -s GCXRMT5SQC -f --timestamp -s 0CF6800E595AA6DE9EBB905066619A9BFDD17A77 --entitlements XecretsCli.plist -o runtime XecretsCli codesign -d -vvv --entitlements :- XecretsCli Executable=/Users/svante/Downloads/XecretsCli-Osx-2.3.567 3/XecretsCli Identifier=XecretsCli Format=Mach-O thin (x86_64) CodeDirectory v=20500 size=271478 flags=0x10000(runtime) hashes=8473+7 location=embedded Hash type=sha256 size=32 CandidateCDHash sha256=d3a8216fcb22b4a4af7bd0157ecc3d2b6be9f9b2 CandidateCDHashFull sha256=d3a8216fcb22b4a4af7bd0157ecc3d2b6be9f9b20c9e3c17e107f08c7ae75c5a Hash choices=sha256 CMSDigest=d3a8216fcb22b4a4af7bd0157ecc3d2b6be9f9b20c9e3c17e107f08c7ae75c5a CMSDigestType=2 CDHash=d3a8216fcb22b4a4af7bd0157ecc3d2b6be9f9b2 Signature size=8987 Authority=Developer ID Application: Axantum Software AB (GCXRMT5SQC) Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Jun 20, 2024 at 13:26:05 Info.plist=not bound TeamIdentifier=GCXRMT5SQC Runtime Version=13.1.0 Sealed Resources=none Internal requirements count=1 size=172 Warning: Specifying ':' in the path is deprecated and will not work in a future release codesign -v -vvv --strict --deep XecretsCli XecretsCli: valid on disk XecretsCli: satisfies its Designated Requirement zip XecretsCli.zip XecretsCli adding: XecretsCli (deflated 63%) xcrun notarytool submit "XecretsCli.zip" --keychain-profile "Notarize" --wait Conducting pre-submission checks for XecretsCli.zip and initiating connection to the Apple notary service... Submission ID received id: e5990902-3101-42de-a1a6-b9ea40b944b8 Upload progress: 100.00% (12.4 MB of 12.4 MB) Successfully uploaded file id: e5990902-3101-42de-a1a6-b9ea40b944b8 path: /Users/svante/Downloads/XecretsCli-Osx-2.3.567 3/XecretsCli.zip Waiting for processing to complete. Current status: Accepted........ Processing complete id: e5990902-3101-42de-a1a6-b9ea40b944b8 status: Accepted spctl -a -vvv XecretsCli XecretsCli: rejected (the code is valid but does not seem to be an app) origin=Developer ID Application: Axantum Software AB (GCXRMT5SQC) spctl -a -vvv -t install XecretsCli XecretsCli: accepted source=Notarized Developer ID origin=Developer ID Application: Axantum Software AB (GCXRMT5SQC) Trying to run the executable: "XecretsCli" can't be opened because the identity of the developer cannot be confirmed. Your security preferences allow installation of only apps from the App Store and identified developers. Chrome downloaded this file today at 10:37. OK
3
0
324
3w
Notarisation failing with “The signature of the binary is invalid"
Error: { “logFormatVersion”: 1, “jobId”: “1654af2a-ff0e-46ff-8839-5c374e63228b”, “status”: “Invalid”, “statusSummary”: “Archive contains critical validation errors”, “statusCode”: 4000, “archiveFilename”: “LocalApp-macosx.zip”, “uploadDate”: “2024-06-12T05:33:53.719Z”, “sha256”: “28ffff0e2c33b2f57a9f1c25677e84232bfa04b1ef5341130afbbf18093ba0ab”, “ticketContents”: null, “issues”: [ { “severity”: “error”, “code”: null, “path”: “LocalApp-macosx.zip/LocalApp-macosx.app/Contents/Resources/Java/Disk1/InstData/Resource1.zip/$BUILD_ROOT$/Desktop/collaborator.app_zg_ia_sf.jar/Contents/MacOS/applet”, “message”: “The signature of the binary is invalid.”, “docUrl”: "“Resolving common notarization issues | Apple Developer Documentation ", “architecture”: “i386” }, { “severity”: “error”, “code”: null, “path”: “LocalApp-macosx.zip/LocalApp-macosx.app/Contents/Resources/Java/Disk1/InstData/Resource1.zip/$BUILD_ROOT$/Desktop/collaborator.app_zg_ia_sf.jar/Contents/MacOS/applet”, “message”: “The signature of the binary is invalid.”, “docUrl”: ““Resolving common notarization issues | Apple Developer Documentation”, “architecture”: “x86_64” } ] } Why is the binary regarded as invalid and what remedy is recommended?
1
0
244
3w
Testflight Build Erro - DVTAppStoreConnect.ServiceBackendError error 1.
Hi guys, I'm trying to make a test flight build (first time in a while) in Xcode 16.0 Beta for a visionOS 2.0 beta test. When I click Distribute App, It preps and creates the app but fails on the next step "creating app record..." with this code The operation couldn’t be completed. (DVTAppStoreConnect.ServiceBackendError error 1.) My account is old with a ton of certs, identifers, profiles etc. I've tied setting up a new one but that doesn't seem to fix the issue ( though I might have easily missed a step? ) Any help on how to solve this?
0
0
248
3w
Distribution the macOS app include dext. No profiles for ---- were found
I developed an app including driver extension. So I tried to distribute it to users. Of course, it works fine in my Mac. I pressed "direct distribution" through the distribution menu in xcode, but the error occurred as below. I also checked that distribution are fine with TestFlight(internally), checked unregistered mac device. I can't figure out what's wrong, so I'm asking for help. Thank you.
3
0
220
3w
Notarize stuck "In Progress"
Hello, I've developed an application using ElectronNET with C# and Blazor Server. I have managed to deploy to both Windows and the web but having trouble deploying the application to my Mac users. It's my first time deploying an application for Mac but feel like I'm stuck at the last hurdle and out of ideas so I'm reaching out for help. My application is successfully signing but during the build and when my Notarize.js is running it seems to get stuck indefinitely. I can check and see the status of the Notarize attempts but they seem to be stuck "In Progress". Here are the logs. Successfully received submission history. history -------------------------------------------------- createdDate: 2024-06-12T22:16:35.362Z id: 26192605-001b-46ae-b622-9a79c20e1e93 name: CustomerSupportDashboard.zip status: In Progress -------------------------------------------------- createdDate: 2024-06-12T18:51:21.772Z id: 6a34501c-8f48-4986-ae5e-82a99320dcbc name: CustomerSupportDashboard.zip status: In Progress -------------------------------------------------- createdDate: 2024-06-12T15:13:44.722Z id: ea5cd928-8207-4d25-b74a-45b04960dbe0 name: CustomerSupportDashboard.zip status: In Progress -------------------------------------------------- createdDate: 2024-06-12T14:24:48.776Z id: 00ccd1f9-daa4-4bba-9a86-9f577c51f26b name: CustomerSupportDashboard.zip status: In Progress -------------------------------------------------- createdDate: 2024-06-12T14:07:43.116Z id: bf5dfa9c-9702-413b-8fbb-94017e930bcf name: CustomerSupportDashboard.zip status: In Progress These have been running for over 6hours now and it's my understanding it should take minutes, correct me if I'm wrong? Here is my Notarize script if it helps diagnose what might be happening. Although the requests seem to be going through ok so it doesn't seem likely. const { join } = require('path'); const fs = require('fs-extra'); exports.default = async function notarizing(context) { const { electronPlatformName, appOutDir } = context; if (electronPlatformName !== 'darwin') { console.log("Not a macOS platform, skipping notarization."); return; } const appName = context.packager.appInfo.productFilename; const appPath = `${appOutDir}/${appName}.app`; const zipPath = `${appOutDir}/${appName}.zip`; console.log(`Zipping the app at path: ${appPath} to: ${zipPath}`); // Zip the app await new Promise((resolve, reject) => { execFile('zip', ['-r', zipPath, appPath], (error, stdout, stderr) => { if (error) { console.error(`Failed to zip app: ${stderr || stdout}`); reject(new Error(`Failed to zip app: ${stderr || stdout}`)); } else { console.log(`Successfully zipped app: ${stdout}`); resolve(); } }); }); console.log(`Notarizing the app with Apple ID: *************.*****@*******.****`); await new Promise((resolve, reject) => { execFile('xcrun', [ 'notarytool', 'submit', zipPath, '--apple-id', '*************.*****@*******.****', '--password', '****-****-****-****', '--team-id', '**********', '--wait', '--output-format', 'json' ], (error, stdout, stderr) => { if (error) { console.error(`Notarization failed: ${stderr || stdout}`); reject(new Error(`Notarization failed: ${stderr || stdout}`)); } else { console.log(`Successfully notarized: ${stdout}`); resolve(); } }); }); }; ```
3
0
400
Jun ’24
Notarization and weak linking to 3rd-party frameworks
Hi there, My app detects connected BlackMagic devices on a user's machine and this is done using the DeckLink SDK which first tries to load /Library/Frameworks/DeckLinkAPI.framework using CFBundleCreate. I have not been able to create a notarized app which successfully detects the devices. Either the DeckLinkAPI works or the app starts up without showing "the developer cannot be verified" on my test computer but never both. This is what I've tried so far: signed app: DeckLinkAPI available hardened runtime: DeckLinkAPI not available hardened runtime + com.apple.security.cs.disable-library-validation: DeckLinkAPI available, notarization succeeds yet the "the developer cannot be verified" I've also tried to use weak linking to DeckLinkAPI.framework instead of including the SDK's CFBundleCreate code but that made no difference: I still needed the com.apple.security.cs.disable-library-validation entitlement for that to work which caused "the developer cannot be verified". DeckLinkAPI.framework is notarized: > codesign --test-requirement="=notarized" --verify --verbose /Library/Frameworks/DeckLinkAPI.framework /Library/Frameworks/DeckLinkAPI.framework: valid on disk /Library/Frameworks/DeckLinkAPI.framework: satisfies its Designated Requirement /Library/Frameworks/DeckLinkAPI.framework: explicit requirement satisfied Is there any way to successfully notarize an app to use the DeckLink SDK or any other thirdparty notarized framework which is distributed seperately?
2
0
347
Jun ’24
get the error even though enabled Hardened Runtime
Hello there. I'm having trouble with notarization in Xcode. I'm developing a Swift Mac app with Xcode 14, but even when I enable Hardened Runtime and perform notarization, it displays the message "Hardened Runtime is not enabled" and I can't proceed. The steps for notarization are [Window] -> [Organizer] -> [Distribute App] -> [Developer ID] [Next] -> [Upload]. Could you please tell me what I should check, or any other information? I've attached screenshots. Thank you.
1
0
327
Jun ’24
Best container for automated download & running of installer .pkg
(Skippable) Backstory: I have an app that customers initially install by: Going to our website in a browser, downloading a (notarized) disk image, mounting it, opening the (Developer ID-signed) installer package therein, and following the prompts to completion. Once installed, this app has a button you can click that will check for updates and possibly install them. When you click this button: Our app contacts an HTTPS API on our servers to see if there is an update If there is an update, the API responds with a download URL to the aforementioned notarized disk image, and the SHA-512 hash of the disk image Our app downloads the disk image, and verifies the SHA-512 hash of the download Our app mounts the DMG Our app uses /usr/sbin/pkgutil --check-signature (although I do hope to switch to SecStaticCodeCheckValidity() in the future) to verify that the OS thinks that the installer package is properly signed, and also that the organization unit on the leaf certificate for the code signing key used to sign the installer is exactly equal to our Apple Team ID Our app uses /usr/sbin/installer -package ... -volinfo to verify that the installer package thinks it can install onto the host Our app uses /usr/sbin/installer -package ... -target / to install the software update For 98%+ of our users, this update process works great. For a tiny portion of users, we're seeing that hdiutil reports that it failed to attach the disk image. For the even tinier portion of users from whom we have obtained debug logs, one of the errors we've seen is "not recognized"; however, I don't know if that's the most common error, due to the small sample size. Before I get much further, I think it's prudent to acknowledge that the above system we're using today is pushing a decade old now, and it's probably wise to verify the foundations. So... For a Developer-ID-signed macOS app that is distributed outside the Mac App Store using an installer package, what is the "best" container/packaging system for an automated system to obtain and consume the installer package with the goal of a user-initiated self-update? For example: Notarized disk image (and failures to attach the image need to be bug reports to Apple) Just the installer package (If I understand correctly, this is bad because it bypasses the automatic propagation (normally performed by macOS) of the DMG's notary ticket to the pkg, right?) Something else? Secondly, what are some common developer mistakes to avoid? For example, these come to mind: When saving the DMG to disk, explicitly enable quarantine on the DMG, so that macOS runs appropriate security checks as intended (is this correct?) When running the installer package, do not use low-level tools (like cp) to copy the pkg out of the DMG, because macOS won't be able to automatically find the notary ticket when the pkg is installed (is this correct?) Anything else? Additional context: We currently support macOS 10.13+, but we will soon support only macOS 10.15+. Thank you!
7
0
512
May ’24
Python app keeps failing notarytool
Hi! I am fairly new to Mac/ Python development. I have written a python script that includes the lovely customTkinter Library. the app works, I have checked it extensively, but after creating an executable with both Pyinstaller and Py2app, my app keeps failing notarization. I have the developer account, I have the Developer ID application: Name (xxxxxxxxxx). My last attempt with py2app, I try to codesign the .app bundle with : codesign --deep --force --verbose --options=runtime --timestamp --sign "Developer ID Application: Lennert Esser (5823RMSZ52)" XYZ\ 2\ OSC.app if I do that, I receive a clean message that XYZ 2 OSC.app: signed app bundle with Mach-O universal (x86_64 arm64) [com.myname.appname.app] the verify of the code signature gives nice messages as well: --prepared:/Users/lennert/Documents/SoftwareDevelopment/PythonLocal/Pozyx/dist/XYZ 2 OSC.app/Contents/MacOS/python --validated:/Users/lennert/Documents/SoftwareDevelopment/PythonLocal/Pozyx/dist/XYZ 2 OSC.app/Contents/MacOS/python .... XYZ 2 OSC.app: valid on disk XYZ 2 OSC.app: satisfies its Designated Requirement So I would say, so far so good...? BUT.... if I try to notarize my archived .app bundle. the notarization fails, with looadddssss of errors, with both: "The signature does not include a secure timestamp." and "The binary is not signed with a valid Developer ID certificate." I am completely stuck. Believe me, I have tried everything. Google, ChatGTP, multiple tries to codesign everything separately with: find /path/to/my/app/contents -type f -exec codesign -s "Developer ID application: Name (xxxxxxxxxx)" {} ; please, please someone help me explain what I am doing wrong....
3
0
416
May ’24
Need Help for Notarization
Hello Developer Community, I hope you all are doing well. We need your help to find out about one issue in Mac application deployment outside the App Store. As required notarization, if we want to release the product outside the App Store. We have built the application in ElectronJS and signed it with Developer ID Installer. The next step is notarization, where we get the issue. It says, "Team is not yet configured for notarization." We raised the problem with the Apple team 6 months ago and are still getting the same response from them: "Our engineering team is working on it." without having a timeline. I want to confirm if someone has had the same issue, how long it can take to resolve this, or if you have any solutions. Your support means a lot to us. Thanks. Dhiren Patel
1
0
261
May ’24
Notary tool returns status: Invalid
I am pretty much at a loss here... In the past I used altool which worked. Not sure of related though, been a while since. But the same build script I use, just replaced altool with notarytool I first codesigen `MYNAME@MYMACNAME ~ % codesign --verbose --force --options runtime --timestamp --sign "COMPANYSIGN" "/Volumes/DiskW/projects-cool-MYNAME/MYPRODPATH/osx/final_MYPRODNAME-dist/mac-MYPRODNAME-files/MYPRODNAME.app" /Volumes/DiskW/projects-cool-MYNAME/MYPRODPATH/osx/final_MYPRODNAME-dist/mac-MYPRODNAME-files/MYPRODNAME.app: replacing existing signature /Volumes/DiskW/projects-cool-MYNAME/MYPRODPATH/osx/final_MYPRODNAME-dist/mac-MYPRODNAME-files/MYPRODNAME.app: signed app bundle with Mach-O thin (x86_64) [com.MYCOMPANY.MYPRODNAME] MYNAME@MYMACNAME ~ % ` Then display entitlements: MYNAME@MYMACNAME ~ % codesign --verbose --display --entitlements :- "/Volumes/DiskW/projects-cool-MYNAME/MYPRODPATH/osx/final_MYPRODNAME-dist/mac-MYPRODNAME-files/MYPRODNAME.app" Executable=/Volumes/DiskW/projects-cool-MYNAME/MYPRODPATH/osx/final_MYPRODNAME-dist/mac-MYPRODNAME-files/MYPRODNAME.app/Contents/MacOS/MYPRODNAME Identifier=com.MYCOMPANY.MYPRODNAME Format=app bundle with Mach-O thin (x86_64) CodeDirectory v=20500 size=127176 flags=0x10000(runtime) hashes=3967+3 location=embedded Signature size=9057 Timestamp=16 May 2024 at 11.49.11 Info.plist entries=17 TeamIdentifier=MYTEAMID Runtime Version=10.16.0 Sealed Resources version=2 rules=13 files=279 Internal requirements count=1 size=188 MYNAME@MYMACNAME ~ % Then I try do notarization (see next post)
6
0
515
May ’24
Sign and Notarization succeed, but package and installer is damaged
Hello, I've been trying to update my application since days, tried everything, all my environment is unchanged except update to the latest xcode version, I only fixed a bug in my code, and updated my expired certifacates with the same IDs. I've also been able to test the app with testflight. The app is built successfuly, validated, uploaded to the apple connect, submited for review, accepted and published online on the mac app store. I've been able to update the application with the mac app store. Now here is the problem: if I delete the application, and try to reinstall it from the app store, it says: unable to install, try again later - then the mac app store is stuck, I need to quit / restart to be able to try a new install. I also distribute my application outside of the mac app store, I've also signed and notarized my app successfully, with my developer id certificate, I tried with organizer, and also with xcrun notary on the command line, all is ok, but when I run the exported application, it says that the application is damaged (so right click/open works, and the app works well). The only thing that I can see is this (compared with my previous version): spctl -a -vvv -t install myapp.app: myapp.app: rejected (invalid destination for symbolic link in bundle) I don't have the error on my previous version. I've checked all the links inside the package, I don't see any problem or invalid link (and the app can run perfectly.... ) I've also check the logs.json file after the notary result, no problem appears. the whole structure of the application and files inside the .app is exactly the same between the previous version, and the new one with that problem. hope that someone could help me to solve this problem :)
3
0
439
May ’24
Notarization taking a lot of time
Hello, we have a pkg file which used to be easily notarized using a particular apple id, but after we shifted to another account it is taking like forever. We have created an app-specific-password and made use of it. Anything that we have done incorrectly? Current status: In Progress........................................................[12:12:27.335Z] Info [API] Waiting 20 seconds before next poll... [12:12:47.337Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/submissions/***-xxxxxx?, Parameters: [:], Custom Headers: private<Dictionary<String, String>> [12:12:47.338Z] Debug [AUTHENTICATION] Using cached token value for app-specific password request: xxxxx:xxxxx@*** [12:12:47.338Z] Debug [AUTHENTICATION] Authenticating request to '/notary/v2/submissions/***-xxxxxx' with WebServices Token. AppleID: xxxx@***, Team ID: xxxxxxxxxx, Token: private<String> [12:12:47.339Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls. [12:12:47.886Z] Debug [API] Received response status code: 200, message: no error, URL: https://appstoreconnect.apple.com/notary/v2/submissions/***-xxxxxx?, Correlation Key: GBCZEFTI5NQ3263GKRANCEPD4I [12:12:47.887Z] Debug [TASKMANAGER] Completed Task with ID 58 has received a parsable response. [12:12:47.887Z] Debug [TASKMANAGER] Ending Task Manager loop. [12:12:47.888Z] Info [API] Received new status: In Progress
2
0
366
Jun ’24
python app Notarization The signature of the binary is invalid.
codesign --sign "Apple Development: deok cheul kim (DK46XUS3ZB)" --deep --force --options=runtime --entitlements ./entitlements.plist --timestamp ./mediasend_PC_module_mac_V1.app codesign -vvv --deep --strict mediasend_PC_module_mac_V1.app mediasend_PC_module_mac_V1.app: valid on disk mediasend_PC_module_mac_V1.app: satisfies its Designated Requirement spctl --assess --type execute --verbose mediasend_PC_module_mac_V1.app mediasend_PC_module_mac_V1.app: rejected xcrun notarytool store-credentials "kdcProfile" --apple-id "kdc07..." --password "emfc-lmhz-kynx-xqyy" ditto -c -k --sequesterRsrc --keepParent mediasend_PC_module_mac_V1.app mediasend_PC_module_mac_V1.zip xcrun notarytool submit "mediasend_PC_module_mac_V1.zip" --keychain-profile "kdcProfile" --wait Conducting pre-submission checks for mediasend_PC_module_mac_V1.zip and initiating connection to the Apple notary service... Submission ID received id: 431e50cc-131a-48eb-be1e-6e1139dea347 Upload progress: 100.00% (15.7 MB of 15.7 MB) Successfully uploaded file id: 431e50cc-131a-48eb-be1e-6e1139dea347 path: /Users/sinaburo7/Desktop/appleCert/mediasend_PC_module_mac_V1.zip Waiting for processing to complete. Current status: Invalid............ Processing complete id: 431e50cc-131a-48eb-be1e-6e1139dea347 status: Invalid xcrun notarytool log 431e50cc-131a-48eb-be1e-6e1139dea347 --keychain-profile "kdcProfile" { "logFormatVersion": 1, "jobId": "431e50cc-131a-48eb-be1e-6e1139dea347", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "mediasend_PC_module_mac_V1.zip", "uploadDate": "2024-04-30T04:19:29.294Z", "sha256": "0661974c3a2e073ab21b15bd0c65a8647bfe756fa42e07d2bb0522a20850de32", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "mediasend_PC_module_mac_V1.zip/mediasend_PC_module_mac_V1.app/Contents/MacOS/mediasend_PC_module_mac_V1", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" }, { "severity": "error", "code": null, "path": "mediasend_PC_module_mac_V1.zip/mediasend_PC_module_mac_V1.app/Contents/Frameworks/libtcl8.6.dylib", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" }, { "severity": "error", "code": null, "path": "mediasend_PC_module_mac_V1.zip/mediasend_PC_module_mac_V1.app/Contents/Frameworks/libssl.3.dylib", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" }, . . . . . This is how it went. I don't know why the error occurs. For reference, the python app was installed using the script below. pyinstaller --onedir --hidden-import=PIL --hidden-import=flask --hidden-import=psutil --hidden-import=requests --name mediasend_PC_module_mac_V1 --icon=logo3_iMf_icon.icns --noconsole --add- data="logo3_iMf_icon.icns:." --add-data="logo.png:." --add-data="wifi.gif:." --add-data="sleep.gif:." -d all album_mac.py
3
0
385
3d