Post marked as unsolved
I've built my app, signed it with my Developer ID, and had it successfully notarized. However, when I attempt to launch the app in macOS 10.15.7, I get the 'The application "***.app" can't be opened.' error message.
I ran all the usual checks to make sure the app is signed and notarized properly:
% codesign --verbose --verify *.app
***.app: valid on disk
***.app: satisfies its Designated Requirement
% xcrun stapler validate *.app
Processing: /path/to/*.app
The validate action worked!
% spctl --assess --verbose *.app
***.app: accepted
source=Notarized Developer ID
Can someone help me figure out what I am **** wrong here.
Here are the commands which I have executed:
Code Signing:
codesign --sign "Developer ID Application: *" --timestamp --options runtime --verbose=4 --strict ./*.app
Create Zip File to send to Apple:
/usr/bin/ditto -ck -rsrc --sequesterRsrc --keepParent ./*.app ./*.zip
Notarize Zip File:
xcrun altool --notarize-app --primary-bundle-id "bundle-id" --username myusername --password mypassword --file ./*.zip
Staple to App File.
xcrun stapler staple ./*.app
Post marked as unsolved
Hello.
I tried to get multiple installation folders notarized after combining them into a dmg, but as soon as the upload was complete, it returned an ITMS-90728 error. I have tried changing the format of the folder and omitting the parts where languages other than English are used, but it does not fix the problem.
How can I fix it so that it will accept notarization without problems?
Post marked as unsolved
Hello, for months I've been notarizing my app without any problem, but from 2 days ago, I've been getting the following error
⨯ Failed to upload app to Apple's notarization servers
altool[2019:30048] * Error: Unable to notarize app.
altool[2019:30048] * Error: code -1011 (Failed to authenticate for session: (
		"Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-20209 \"This Apple ID has been locked for security reasons. Visit iForgot to reset your account (https://iforgot.apple.com).\" UserInfo={NSLocalizedRecoverySuggestion=This Apple ID has been locked for security reasons. Visit iForgot to reset your account (https://iforgot.apple.com)., NSLocalizedDescription=This Apple ID has been locked for security reasons. Visit iForgot to reset your account (https://iforgot.apple.com)., NSLocalizedFailureReason=App Store operation failed.}"
) Unable to upload your app for notarization.)
	stackTrace=
I followed all instructions but it still says my AppleID is locked. What can I do? Please, if anyone has any hints I'd appreciate it.
Thanks
Post marked as unsolved
How do I confirm that notarization actually worked on a macOS app (not going through the App Store)?
I got back "success" from the server. However, when a user runs the software, they still get the "downloaded from the Internet" warning.
It was a lot of trouble to set up our build servers to do the extra steps of notarizing and stapling. What can I do to verify the app on the development machine?
Post marked as unsolved
Hi,
I've built everything natively for arm64, the M1 doesn't have Rosetta 2 installed. The app runs fine when started from the terminal.
I am packaging the .app exactly the same way as for x86_64 but it refuses to launch on an M1 mac.
I see "You do not have permission to open the application 'APPNAME'" when trying to open the app. I've tried when both codesigned and not codesigned (both work on x86 dev machine).
In Console.app I see:
LAUNCH: Runningboard launch of com.mydomain.myapp private returned RBSRequestErrorFailed, error Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600007803450 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed with error: 111}}}, so returning -10826
The app launches using shell scripts, I've tried to modify the plist to launch the executable directly to see whether it was the issue, but it didn't change anything.
The way it's starting makes me think it doesn't even try to launch the executable and that it's failing right away when looking at something in the package, but I have no idea what it could be.
I've been at this for hours, any help would be appreciated.
Cheers
Post marked as unsolved
My app on being downloaded from the site and opened shows unidentified developer error on Mac OS.
The app is signed and notarized and the dmg is not.
codesign -vvd /Applications/Pluto.app
Executable=/Applications/Pluto.app/Contents/MacOS/Pluto
Identifier=com.pluto.office
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1756 flags=0x10000(runtime) hashes=46+5 location=embedded
Signature size=9059
Authority=Developer ID Application: Sambhav Sharma (MCS363NKV7)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=21 Mar 2021 at 21:00:18
Info.plist entries=30
TeamIdentifier=MCS363NKV7
Runtime Version=11.0.0
Sealed Resources version=2 rules=13 files=34
Internal requirements count=1 size=176
spctl -vvv -a -t open --context context:primary-signature /Applications/Pluto.app
/Applications/Pluto.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Sambhav Sharma (MCS363NKV7)
Post marked as unsolved
When I check notarization on Mac Mini with M1 chip:
bash-3.2$ spctl -a -t exec -vvv '/Applications/My.app'
It shows many useless warnings in output. Regardless of the app I check.
macOS 11.2.3 (20D91), Xcode 12.4
objc[19507]: Class SPExecutionPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class AppWrapper is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class AppWrapperPolicyResult is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class AppWrapperPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class SPLog is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class MIS is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class SPExecutionHistoryItem is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class SPExecutionPolicyItem is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class SPDeveloperPolicy is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
objc[19507]: Class GKScanResult is implemented in both /System/Library/PrivateFrameworks/SystemPolicy.framework/Versions/A/SystemPolicy and /usr/sbin/spctl. One of the two will be used. Which one is undefined.
/Applications/My.app/: accepted
source=Notarized Developer ID
origin=Developer ID Application: MYCOMPANY LLC (RDXXXXXXX)
These warnings don't appear when I do the same on an Intel Mac with the same macOS version 11.2.3
Post marked as solved
Hello,
I ran into a big problem for which I don't know how to proceed. Every developer can create up to five Developer ID certificates. Those certificates are used if you want to release your app outside the Mac App Store.
I have an app on the Mac App Store that also offers a helper application, which is downloadable on my homepage.
I have created a new version of this helper application and wanted to send it to the notarization service of Apple.
Xcode displayed an error that I do not have a valid Developer ID certificate (because the private key is missing) and I can not create a new one because I already created five certificates.
I can download the certificates without problem, but I can not get the private key. At least one developer certificate was created on my machine, but it does not seem to work.
Because I assumed that there is no way of getting these certificates back (always create backups!), I contacted Apple to see if they are willing to revoke any old certificates so I can create a new one (I know that at least the first two certificates are not being used, so they could be revoked, but Apple does not revoke old certificates).
Right now, Apple decides whether they grant me an exception to create additional certificates.
Let's assume Apple declines this request...what can I do? Can I create a second developer account? I don't care about the 99€, but it does not seem that this is allowed.
Big Sur will be released tomorrow and I really need to sign this app.
And yes, I know that I should keep a backup copy of my private keys in the future ;)
Is there anything I can do (especially if Apple declines the request)?
Any help is highly appreciated.
Kind Regards,
Sascha
Post marked as solved
I have a mysterious problem with checking DMG notarization.
It fails:
bash-3.2$ spctl -a -t open --context context:primary-signature -v MyApp.dmg
MyApp: rejected
source=no usable signature
However, this DMG installs fine on Big Sur 11.2.2, macOS allows this app to run, and the notarization check for the installed app passed:
bash-3.2$ spctl -a -v '/Applications/MyApp.app'
/Applications/MyApp.app: accepted
source=Notarized Developer ID
I checked other downloaded apps (Intel or Universal). Some DMG files pass DMG notarization (for example, Audacity), and some fail (PerfectTablePlan). Why?
For my app (Universal) I use the following code to codesign and notarize:
codesign --timestamp --options runtime --force --deep -s "Developer ID Application: MYCOMPANY" "My.app"
// Creating DMG with EULA license
xcrun altool --notarize-app --primary-bundle-id MyApp -u "my@email.com" -p "abc123" --file MyApp.dmg
xcrun stapler staple MyApp.dmg
Post marked as unsolved
I am trying to use xcrun altool.
Here is the cli command:
/usr/bin/xcrun altool --list-providers -u “APPLEIDDEVACCOUNT” -p “APPPASSWORD”
No matter what I try - application created password or actual password for the account I get the following.
Not sure what is going on. Thanks
CFURLRequestSetHTTPCookieStorageAcceptPolicyblock_invoke: no longer implemented and should not be called
2020-08-12 07:36:01.064 altool[8552:289303] * Error: Failed to retrieve providers info.
2020-08-12 07:36:01.064 altool[8552:289303] * Error: code -1011 (Failed to authenticate for session: (
"Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-20101 \"Your Apple ID or password was entered incorrectly.\" UserInfo={NSLocalizedRecoverySuggestion=Your Apple ID or password was entered incorrectly., NSLocalizedDescription=Your Apple ID or password was entered incorrectly., NSLocalizedFailureReason=App Store operation failed.}"
) Unable to list providers.)
Post marked as unsolved
I have a setup (working in 10.1[345]) which now fails in Big Sur, where I have a dynamic library (which calls another external library which in turn calls another) which is referenced from PAM.
More specifically, this is a setup to allow PIV smartcards to be used for "sudo" authentication. Thus, I have a line in /etc/pam.d/sudo which calls /usr/local/libexec/pam_ssh_agent_auth.so. This library calls a perl script which does a network LDAP lookup for the current user.
I have code-signed the pam_ssh_agent_auth library as well as the non-system library it references (as seen by "otool -L") and the non-system library that the intermediate one calls. These are all located in /usr/local/libexec as well.
When I run a sudo command now, e.g., "sudo date", the command simply hangs. The error I see in Console is:
Library Validation failed: Rejecting '/usr/local/libexec/pam_ssh_agent_auth.so' (Team ID: 82A95CK2HC, platform: no) for process 'sudo(16107)' (Team ID: none, platform: yes),
reason: mapping process is a platform binary, but mapped file is not.
I have found other references to this error but those seem to involve application bundles. In my case I have a single .so library (plus the two others) I wish to invoke.
The library is from
https://github.com/jbeverly/pam_ssh_agent_auth/releases
Again, this works fine in the three previous OS versions.
What do I need to change to make it work here? Advice most appreciated, please. Thank you!
Post marked as solved
Hi,
My pkg (installer) is pretty huge (over 5G bytes) because of the resources (images/wavs). The resources are almost 2G bytes.
Also we have 2 different packages like a full installer and an updater in which most of the bundles are shared.
It takes a huge amount of time to get notarized because of the context above. Is there any economical way to be notarized? For instance, uploading a zip that contains the bundles and packaging them as a pkg after getting notarized. If it is possible, I could reduce the traffic and time.
Thanks,
Kaz
Post marked as unsolved
Hi,
I use a 3rd party protection library whose aim is to check if a dongle with the right credential is plugged.
If the library is loaded from a not hardened program, it works well - I mean, returns true if the right dongle is plugged, else false.
If the library is loaded from a hardened program, it is loaded BUT always returns false - as if it could not access/read the dongle (I've not checked the system log up to now).
Might it be that the hardening prevents access to the dongle?
Is there an entitlement which might help?
TIA,
J.
Post marked as unsolved
As of this afternoon, I'm getting the following error when trying to notarize binaries (I have masked out my identifiers and file names):
[2021-03-08 15:36:13 MST] main INFO: Attempting to connect to Apple's webDAV...
[2021-03-08 15:36:13 MST] main DEBUG: requestUri:[https://itmsdav.apple.com:443/5/XXXXXXXXXX/uploading/] resource:[https://itmsdav.apple.com:443/5/XXXXXXXXXX/uploading/]
[2021-03-08 15:36:13 MST] main DEBUG: PROPFIND depth:[0]
[2021-03-08 15:36:13 MST] main DEBUG: PROPFIND statusCode:[405]
[2021-03-08 15:36:13 MST] main ERROR: An error occurred while processing the http request for the webDAV upload.
[2021-03-08 15:36:13 MST] main ERROR: An exception has occurred: Method Not Allowed
[2021-03-08 15:36:13 MST] main DEBUG: com.apple.transporter.transport.webdav.HttpException: Method Not Allowed
at com.apple.transporter.transport.webdav.WebdavFile.getProperties(WebdavFile.java:274)
at com.apple.transporter.transport.webdav.WebdavFile.init(WebdavFile.java:144)
at com.apple.transporter.transport.webdav.WebDAVTransport.createConnectionToWebDAVURL(WebDAVTransport.java:602)
at com.apple.transporter.transport.webdav.WebDAVTransport.uploadPackage(WebDAVTransport.java:345)
at com.apple.transporter.operation.Upload.performUploadOperation(Upload.java:1039)
SNIP
at com.apple.transporter.launcher.Application.start(Application.java:450)
at com.apple.transporter.launcher.Application.main(Application.java:947)
[2021-03-08 15:36:13 MST] main DBG-X: Memory: [JVM] 957M free, 1024M total, 2048M max [System] (Physical) 1978M free, 32768M total (Swap) 0 free, 0 total
[2021-03-08 15:36:13 MST] main DBG-X: Using operation named: uploadFailedWithArguments
[2021-03-08 15:36:13 MST] main DBG-X: Apple's web service operation input parameters:
[2021-03-08 15:36:13 MST] main DBG-X: parameter Application = iTMSTransporter
[2021-03-08 15:36:13 MST] main DBG-X: parameter BaseVersion = 2.1.0
[2021-03-08 15:36:13 MST] main DBG-X: parameter CPUToken = 15080805-5958-4e1f-a472-a252f3e9e9f3/1615242973101
[2021-03-08 15:36:13 MST] main DBG-X: parameter Client = altool
[2021-03-08 15:36:13 MST] main DBG-X: parameter ClientChecksumInfo = [{CalculationTime=118, FileLastModified=1615242877444, Filename=XXXXXXXXXXXXX.zip, FileSize=70984309, CalculatedChecksum=57e8bcf6956fb612f53e2d68831969c4}]
[2021-03-08 15:36:13 MST] main DBG-X: parameter ClientVersion = 4.029 (1194)
[2021-03-08 15:36:13 MST] main DBG-X: parameter ItcProviderName = XXXXXXXXXX
[2021-03-08 15:36:13 MST] main DBG-X: parameter NewPackageName = com.XXXXXXXXXXXXXXXXXXXX.itmsp
[2021-03-08 15:36:13 MST] main DBG-X: parameter NumberBytesTransferred = (null)
[2021-03-08 15:36:13 MST] main DBG-X: parameter OSIdentifier = Mac OS X 11.2.3 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-08 15:36:13 MST] main DBG-X: parameter StatisticsArray = [{duration=0.265851828, method=clientApplication.start, count=1}, {duration=0.653015636, method=validateMetadata, count=1}, {duration=0.275264665, method=lookupTransportDiagnostic, count=1}, {duration=1.027068726, method=validateAssets, count=1}, {duration=2.22303E-4, method=createTransportPod, count=1}]
[2021-03-08 15:36:13 MST] main DBG-X: parameter StatisticsClientStartDateTimeZoneISO = 2021-03-08T15:36:13-07:00
[2021-03-08 15:36:13 MST] main DBG-X: parameter StatisticsPreviousCallDurationInSecs = 0.170076956
[2021-03-08 15:36:13 MST] main DBG-X: parameter TransferTime = 0
[2021-03-08 15:36:13 MST] main DBG-X: parameter Transport = DAV
[2021-03-08 15:36:13 MST] main DBG-X: parameter TransportLogCompressed = (suppressed)
[2021-03-08 15:36:13 MST] main DBG-X: parameter TransporterArguments = -m upload -u XXXXXXXXXX@XXXXXXXXXXX -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:1396BB96-381F-40CF-A00F-D2ADA70152D7 -sharedsecret hidden value -itc_provider XXXXXXXXXX -t DAV -f /var/folders/bp/z43l86yn10n79qy_7v12nbmw0000gn/T/3C16D3DD-30B5-460D-A80E-8D67A7ED9226/com.XXXXXXXXXXX.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-08 15:36:13 MST] main DBG-X: parameter Version = 2.1.0
[2021-03-08 15:36:13 MST] main DBG-X: parameter iTMSTransporterMode = upload
[2021-03-08 15:36:13 MST] main INFO: id = 20210308153613-516
[2021-03-08 15:36:13 MST] main INFO: iTMSTransporter Correlation Key: 1d172d41-6b01-49ba-87b9-aadec296590b-0001
[2021-03-08 15:36:14 MST] main DBG-X: Apple's web service operation return value:
[2021-03-08 15:36:14 MST] main DBG-X: parameter EnableJWTForAllCalls = false
[2021-03-08 15:36:14 MST] main DBG-X: parameter SessionExpiration = 2021-03-12T22:36:13.662Z
[2021-03-08 15:36:14 MST] main DBG-X: parameter ShouldUseRESTAPIs = false
[2021-03-08 15:36:14 MST] main DBG-X: parameter Success = true
[2021-03-08 15:36:14 MST] main DBG-X: parameter StreamingSettings = {LogStreamingEnabled=true, MultipartUploadsEnabled=true, AssetDescriptionStreamingEnabled=false}
[2021-03-08 15:36:14 MST] main INFO: Transporter's command line arguments are: -m upload -u XXXXXXXXXX@XXXXXXXXXXX -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:1396BB96-381F-40CF-A00F-D2ADA70152D7 -sharedsecret hidden value -itc_provider XXXXXXXXXX -t DAV -f /var/folders/bp/z43l86yn10n79qy_7v12nbmw0000gn/T/3C16D3DD-30B5-460D-A80E-8D67A7ED9226/com.XXXXXXXXXXX.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-08 15:36:14 MST] main DBG-X: Returning 1
2021-03-08 15:36:14.938 altool[12326:183763] Out:
Package Summary:
1 package(s) were not uploaded because they had problems:
/var/folders/bp/z43l86yn10n79qy_7v12nbmw0000gn/T/3C16D3DD-30B5-460D-A80E-8D67A7ED9226/com.XXXXXXXXXXX.itmsp - Error Messages:
An error occurred while processing the http request for the webDAV upload.
An exception has occurred: Method Not Allowed
2021-03-08 15:36:15.024 altool[12326:183754] * Error: Unable to notarize app.
2021-03-08 15:36:15.024 altool[12326:183754] * Error: code -18000 (An error occurred while processing the http request for the webDAV upload.)
2021-03-08 15:36:15.024 altool[12326:183754] *** Error: code -18000 (An exception has occurred: Method Not Allowed)
Is there something going on with the notarization servers? Or is there something I'm doing wrong? This has worked until just this afternoon (I was able to notarize this morning using the same code).
Post marked as unsolved
When trying to execute an executable (on 10.14.7), I get a dialog box saying:
“Main” cannot be opened because the developer cannot be verified.
macOS cannot verify this app is free from malware.
This executable comes from a .dmg which is signed, notarized and stapled successfully.
stapler validate /Users/jtripoz/Downloads/***.dmg
Processing: /Users/jtripoz/Downloads/***.dmg
The validate action worked!
codesign -dvvv /Users/jtripoz/Downloads/***.dmg
Executable=/Users/jtripoz/Downloads/***.dmg
Identifier=com.***.***
Format=disk image
CodeDirectory v=20200 size=309 flags=0x0(none) hashes=1+6 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=***
CandidateCDHashFull sha256=***
Hash choices=sha256
CMSDigest=***
CMSDigestType=2
CDHash=***
Signature size=8959
Authority=Developer ID Application: *** (xxxxxxxxx)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=4 Mar 2021 at 15:35:28
Info.plist=not bound
TeamIdentifier=***
Sealed Resources=none
Internal requirements count=1 size=184
and the executable is signed/hardened:
codesign -dvvv ./Main
Executable=***/Main
Identifier=Main
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=13680 flags=0x10000(runtime) hashes=419+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=***
CandidateCDHashFull sha256=***
Hash choices=sha256
CMSDigest=***
CMSDigestType=2
CDHash=***
Signature size=8960
Authority=Developer ID Application: *** (XXXXXXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=4 Mar 2021 at 15:33:59
Info.plist=not bound
TeamIdentifier=XXXXX
Runtime Version=10.15.0
Sealed Resources=none
Internal requirements count=1 size=164
And has 2 entitlements:
codesign -d --entitlements :- Main
Executable=***/Main
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
I'm running on 10.15.7, and assessments are enabled.
spctl --status
assessments enabled
What did I miss?
TIA,
J.