I had been command line notarizing my two py2app (python applications) successfully now for 7 months; I use a set of canned scripts; I stored the notarization App ID in my key chain; as follows: xcrun altool --store-password-in-keychain-item \ APP_PASSWORD  \ -u <my apple id> \ -p <the app id I generated> The script uses this CLI xcrun notarytool submit Pyut.zip --keychain-profile "APP_PASSWORD" --verbose --progress --wait All of a sudden now notarization fails with: Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.

I am yet another another developer facing the issue of having a notarized application cryptically blocked by GateKeeper with the unhelpful "unidentified developer" message. I followed Eskimo's instructions of combing the system logs, and caught an event by XprotectService: File /Applications/Cook-a-Dream.app/Contents/Resources/app_packages/PySide6/lupdate failed on rPathCmd /Users/qt/work/install/lib/QtCore.framework/Versions/A/QtCore Googling around, I found some people reporting similar problems (with other libraries) being fixed by detecting and fixing this kind of problem by deleting/changing some of the rpaths with install_name_tool. The questions: How do I confirm if the issue is indeed one of rpath? What are the general "rules" that govern what is allowed or not allowed in terms of rpaths for GateKeeper? Can I add a prophylactic step to my workflow to detect those issues before notarization?

Hi, I develop a desktop GUI application. This application is written in Python and is cross-platform. I have tried to sign and notarize the Mac .dmg installer for months, but for now without any success. Below I have prepared a small example of the kind of code I need to notarize and sign. Thanks in advance for your help! Miloš MVP: MVP (Minimum viable product) = pack .dmg + sign + notarize basic portable Py runtime (portable conda based) with “Hello world” in Tk runtime. To create (and run) the MVP code, run this in console (requires echo, curl and .tar.xz compression support - usually built-in in MacOS): cat > test.py << EOF from tkinter import * from tkinter import ttk root = Tk() frm = ttk.Frame(root, padding=10) frm.grid() ttk.Label(frm, text="Hello World!").grid(column=0, row=0) ttk.Button(frm, text="Quit", command=root.destroy).grid(column=1, row=0) root.mainloop() EOF curl https://files.sdat.solargis.com/venv3.9_mac_amd64.tar.xz | tar xvJf - . ./venv3.9/bin/activate2 python test.py  # this runs the MVP app Pls, I need to know HOW to create a signed + notarized .dmg installer of the program above in the automated way.

I am having problems registering an IOS developer Account on Appium Studio. I have 2 different paying development accounts and both are failing to register. I have upgraded the Appium Studio version to the latest version (22.1.8625) and tried different computers in different networks. “The error message is: Failed to add apple developer account with appleid: *******@*****.net and teamid: ********** reason: Bad response from server. 200: OK Server says: Authentication Error. XCode 7.3 or later is required to continue developing with your Apple ID . (3019). Please make sure you are not using a free acount, as it is not supported.” So, I’m using a paying account with the latest Appium Studio version but getting this message. please provide some help on this issue? Regards

I've only started to learn about the notarization process within the past eight months. About every three weeks or so, after I've added features to a piece of software I'm writing, I check to make sure I can still get it notarized. Everything worked fine until today. My workflow is the following (I'm running Mac 11.6.1) My program is written in python using tkinter and converted to an .app using pyinstaller. It runs fine on my own machine. I'm not using XCode. Build the package: productbuild --component Desktop/dist/my_app.app Desktop/my_app.pkg Product sign the package: productsign --force --deep --sign 'Developer ID Installer: MyName (XXXXXX7RBW)' /Users/Desktop/my_app.pkg /UsersDesktop/my_app_signed.pkg Check that code is signed. pkgutil --check-signature Desktop/my_app_signed.pkg Obtain an app specific password by visiting https://appleid.apple.com/account/manage Submit for notarization: xcrun altool --notarize-app -f Desktop/my_app_signed.pkg --primary-bundle-id XXXXXX7RBW -u my_email_address -p' @keychain: Developer ID Installer: MyName (XXXXXX7RBW) Enter my app specific password when instructed to do so. When things worked fine a few weeks ago, there was an extra step before completing step (2): For some reason I had problems signing and notarizing up to that time due to directory names containing periods. These were located in PyQt5 within the application bundle. I deleted these folders, notarization worked, and my program ran fine on a different Mac. Now the notarization fails due to several executables inside Contents/MacOS/ , such as QtDesigner, QtMacExtras, QtNetwork, and a few others starting with Qt. One exception consists of the dylib file libz.1.2.11.dylib. The log yields the typical "lack of a valid time-stamp" or "lack of valid developer IT certificate" messages. The only real difference in my package since I had it last notarized three weeks ago is that it now utilizes a python module, netgraph, which is likely using aspects of PyQt. So, I'm seeking advice for how to address this error. Am I correct that I will need to sign the problem executables individually? If so, what is the correct way to do so. For example, instead of creating my package and product signing, should I code sign the individual problem executables and then package them with the app? Thanks

HI I've updated my fortran program and I'm trying to get through the notarizing process. I created a pkg with >pkgbuild ... I signed the package with >productsign ... I created an application password for notarytool I created store credentials with >xcrun notarytool store-credentials ... Received: Success. Credentials validated. Credentials saved to Keychain. Requested notarization with >xcrun notarytool submit ... Submission ID received Successfully uploaded file Current status: Waiting.... after a minute or two this changed to Current status: Invalid... Could this because the notarizing system doesn't understand Fortran executables or is there something else I've done incorrectly? I have a submission id, is there a way to get more information. Thanks, David

I'm trying to notarize a pkg file that I created. The command looks like this (names changed to protect the guilty!) xcrun altool --notarize-app --file "$PACKAGE_LOCATION" --password "@keychain:AC_PASSWORD" --primary-bundle-id "com.***.yyy.package" --verbose I get an email back that notarization failed and when I query it, all I get back is Status: invalid Status Code: 2 Status Message: Package Invalid There is also a large LogFileURL and when I paste that into a browser I get (Request ID hidden) <Error> <Code>429</Code> <Message>Application byte rate limit exceeded.</Message> <RequestId>xxxxxxxxxxxxxx</RequestId> <Resource> /itmspod12-assets-massilia-032001/Enigma122/v4/d2/5e/9f/d25e9f49-7d49-f370-b142-cee30a862f8a/p6R3Xe9Q2x3GmKcysMtiZJvIdjrI0Vw2TYKBCvZgU2M_U003d-1649862816665 </Resource> </Error> and I have no idea what the message means there. Any help would be appreciated.

Hello, in order to sign our app we run codesign tool as follows: /usr/bin/codesign --deep --timestamp -o runtime --force --keychain /fw_home/Library/Keychains/CPCERT.keychain --sign 'Developer ID Application: Check Point Software Technologies (TZ3UEPFYKD)' CMpub/lib/macosx/release/libimpers_kerb.dylib The command often fails with the following result: "A timestamp was expected but was not found." The issue is intermittent and seems like depend on the location and time of the day. Thus in Tel-Aviv location the command tends to succeed at night hours but fails during the day. We took packet capture log on our firewall. When signing fails we see that codesign sends HTTP POST request to timestamp.apple.com and the server acknowledges receive of the packet. The server does not send back any data during 15 seconds and client side sends FIN packet to shutdown the connection. In case of successful signing we see that HTTP 200 code is received almost immediately. So, it seems that 15s is not enough for timestamp server to process the request. Can we increase 15s timeout anyhow or could you assist us in anyway to have this issue solved? Below is the packet capture logs for successful and failed flow: Successfull Packet ############# 16:19:45.077840 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 80: 192.168.120.108.49403 > 17.179.249.1.80: Flags [SEW], seq 1726631757, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 914329200 ecr 0,sackOK,eol], length 0 16:19:45.080628 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 80: 17.179.249.1.80 > 192.168.120.108.49403: Flags [S.], seq 1040463283, ack 1726631758, win 65535, options [mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,TS val 4058768711 ecr 914329200], length 0 16:19:45.080919 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49403 > 17.179.249.1.80: Flags [.], ack 1, win 2058, options [nop,nop,TS val 914329204 ecr 4058768711], length 0 16:19:45.081814 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 68: 17.179.249.1.80 > 192.168.120.108.49403: Flags [.], ack 1, win 32768, options [nop,nop,TS val 4058768711 ecr 914329204], length 0 16:19:45.082525 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 356: 192.168.120.108.49403 > 17.179.249.1.80: Flags [P.], seq 1:289, ack 1, win 2058, options [nop,nop,TS val 914329204 ecr 4058768711], length 288: HTTP: POST /ts01 HTTP/1.1 16:19:45.082535 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 145: 192.168.120.108.49403 > 17.179.249.1.80: Flags [P.], seq 289:366, ack 1, win 2058, options [nop,nop,TS val 914329204 ecr 4058768711], length 77: HTTP 16:19:45.082724 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 68: 17.179.249.1.80 > 192.168.120.108.49403: Flags [.], ack 366, win 32722, options [nop,nop,TS val 4058768711 ecr 914329204], length 0 16:19:45.931727 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 350: 17.179.249.1.80 > 192.168.120.108.49403: Flags [.], seq 1:283, ack 366, win 32768, options [nop,nop,TS val 4058768714 ecr 914329204], length 282: HTTP: HTTP/1.1 200 OK 16:19:45.931744 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 1234: 17.179.249.1.80 > 192.168.120.108.49403: Flags [P.], seq 283:1449, ack 366, win 32768, options [nop,nop,TS val 4058768714 ecr 914329204], length 1166: HTTP 16:19:45.931893 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 1516: 17.179.249.1.80 > 192.168.120.108.49403: Flags [P.], seq 1449:2897, ack 366, win 32768, options [nop,nop,TS val 4058768714 ecr 914329204], length 1448: HTTP 16:19:45.932648 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49403 > 17.179.249.1.80: Flags [.], ack 1449, win 2036, options [nop,nop,TS val 914329965 ecr 4058768714], length 0 16:19:45.932661 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49403 > 17.179.249.1.80: Flags [.], ack 2897, win 2013, options [nop,nop,TS val 914329965 ecr 4058768714], length 0 16:19:45.932721 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 1516: 17.179.249.1.80 > 192.168.120.108.49403: Flags [P.], seq 2897:4345, ack 366, win 32768, options [nop,nop,TS val 4058768714 ecr 914329965], length 1448: HTTP 16:19:45.932731 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 317: 17.179.249.1.80 > 192.168.120.108.49403: Flags [P.], seq 4345:4594, ack 366, win 32768, options [nop,nop,TS val 4058768714 ecr 914329965], length 249: HTTP 16:19:45.933174 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49403 > 17.179.249.1.80: Flags [.], ack 4345, win 2025, options [nop,nop,TS val 914329965 ecr 4058768714], length 0 16:19:45.933181 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49403 > 17.179.249.1.80: Flags [.], ack 4594, win 2021, options [nop,nop,TS val 914329965 ecr 4058768714], length 0 Failure Packet: ############# 16:21:05.194698 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 356: 192.168.120.108.49404 > 17.179.249.1.80: Flags [P.], seq 365:653, ack 4594, win 2048, options [nop,nop,TS val 914396490 ecr 2282066484], length 288: HTTP: POST /ts01 HTTP/1.1 16:21:05.194706 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 144: 192.168.120.108.49404 > 17.179.249.1.80: Flags [P.], seq 653:729, ack 4594, win 2048, options [nop,nop,TS val 914396490 ecr 2282066484], length 76: HTTP 16:21:05.195849 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 68: 17.179.249.1.80 > 192.168.120.108.49404: Flags [.], ack 729, win 32758, options [nop,nop,TS val 2282066521 ecr 914396490], length 0 16:21:21.169780 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49404 > 17.179.249.1.80: Flags [F.], seq 729, ack 4594, win 2048, options [nop,nop,TS val 914409551 ecr 2282066521], length 0 16:21:21.176440 Out 00:1c:7f:6c:d3:7f ethertype IPv4 (0x0800), length 68: 17.179.249.1.80 > 192.168.120.108.49404: Flags [F.], seq 4594, ack 730, win 32758, options [nop,nop,TS val 2282066585 ecr 914409551], length 0 16:21:21.177782 In 00:1c:7f:6f:53:4b ethertype IPv4 (0x0800), length 68: 192.168.120.108.49404 > 17.179.249.1.80: Flags [.], ack 4595, win 2048, options [nop,nop,TS val 914409559 ecr 2282066585], length 0

This might seem flippant, but it's very serious. My use case, this is literally torturing me to death: We have a language (Allegro Common Lisp) which has a module for making SSL connections. This module is requires OpenSSL. We don't want to supply OpenSSL with our product for obvious reasons--I'm not going to go into that here. So, what's the problem? Well, first, the problem is that Apple decided long ago to not allow developers to build against their version of SSL (which is based on LibreSSL). So, we must depend on Macports or Homebrew for the installation of OpenSSL. Those libraries are in non-standard places and require DYLD_LIBRARY_PATH to be set so that the libraries can be dynamically loaded. The problem is, with SIP, any environment variables that start with DYLD_ or LD_ are stripped from the environment passed to programs. That is, if I set DYLD_LIBRARY_PATH in BASH and start my product, I can't load a signed .dylib that depends on some version of the OpenSSL libraries. To make matters worse, this works on macOS 11.6.5 (20G527) x86_64: DYLD_LIBRARY_PATH=... ./mlisp (sys:getenv "DYLD_LIBRARY_PATH")` That is, it returns the value ... set on the command line. It does not work on macOS 11.6.5 (20G527) arm64. To dynamically load the OpenSSL libraries, we have a glue library (that adds functionality) called acliss11.dylib which depends on @rpath/libssl.1.1.dylib and @rpath/libcrypto.1.1.dylib. For x86_64 we have a solution, but the same solution does NOT work for arm64. How are we supposed to do this?

I need to bundle the Qt framework with my application, which naturally needs to be notarized as well. What is the right way to go about it? The zip I need to bundle is https://github.com/qmlnet/qt-runtimes/releases/download/releases/qt-5.15.1-7fc8b10-osx-x64-runtime.tar.gz which I unpack to Hammer.app/Contents/MacOS/qt-runtime. While the location of the framework can be arbitrary, the structure and contents within must be kept in exact order as they are. What is the right way to go about this?

This am I submitted my Mac build to be notarized to make a Developer ID build. Normally this takes about 20 mins for Apple servers to do whatever it does and then I get an email that it's done. For some reason, it seems to be stuck. In the archive, it says "Package Approved" but hasn't yet gone to "Ready to distribute". Is there an issue with the Apple notarization service? It was uploaded/approved over 4 hours ago. Thanks, //Ray

Since upgrading to Xcode 12.5, attempting to submit an app for notarization with /usr/bin/xcrun altool --notarize-app has started failing ~10% of the time with the error Upload succeeded but did not receive a RequestUUID.. Has anyone else encountered this issue? ?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" dict keyos-version/key string11.2.0/string keyproduct-errors/key array dict keycode/key integer-1018/integer keymessage/key stringUpload succeeded but did not receive a RequestUUID./string keyuserInfo/key dict keyNSLocalizedDescription/key stringUpload succeeded but did not receive a RequestUUID./string keyNSLocalizedFailureReason/key stringUnable to upload your app for notarization./string /dict /dict /array keytool-path/key string/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework/string keytool-version/key string4.050.1210/string /dict /plist

I built a framework using opencv and opengl and used it in one of my MAC OSX apps. App runs correctly but when I try to build package after archiving, getting errors 2022-03-25 11:32:00 +0000  [OPTIONAL] Didn't find info dictionary for <DVTFilePath:0x7ff46f5faba0:'/path of the framework/libglfw.3.dylib'>: Error Domain=DVTFoundationNSBundleAdditionsErrorDomain Code=1 "Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5faba0:'/path of the framework/libglfw.3.dylib'>" UserInfo={NSLocalizedDescription=Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5faba0:'/path of the framework/libglfw.3.dylib'>} Here’s what I have done step by step: I made a framework for MacOS that includes a few OpenCV and OpenGL(GLEW,GLFW) standard operations and built the dynamic libraries of OpenCV, GLEW and GLFW with the below commands. cmake -G "Unix Makefiles" .. make -j8 Added the dylibs (libopencv_core.3.4.dylib, libopencv_imgcore.3.4.dylib), and necessary frameworks in the Framework and Libraries section. I want to use the framework in one of my apps. Added the built framework to one of my projects. In the Framework and Libraries section I have selected the Embed and Sign option for my dynamic framework. Tried to build the project with Hardened Runtime capability enabled. We have codesigned the dylibs using the below command : codesign --force --timestamp --sign Also check the validation by the below command : codesign -vvvv Validation was successful. Then started package building. For this first archived the app. Then when I tried to notarize the archive, it failed. Sharing the log : 2022-03-25 11:32:00 +0000  [OPTIONAL] Didn't find info dictionary for <DVTFilePath:0x7ff46f5faba0:'/path of the framework/libglfw.3.dylib'>: Error Domain=DVTFoundationNSBundleAdditionsErrorDomain Code=1 "Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5faba0:'/path of the framework/libglfw.3.dylib'>" UserInfo={NSLocalizedDescription=Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5faba0:'/path of the framework/libglfw.3.dylib'>} 2022-03-25 11:32:00 +0000  [OPTIONAL] Didn't find info dictionary for <DVTFilePath:0x7ff472323d10:'/path of the framework/libopencv_imgcodecs.3.4.dylib'>: Error Domain=DVTFoundationNSBundleAdditionsErrorDomain Code=1 "Couldn't load Info dictionary for <DVTFilePath:0x7ff472323d10:'/path of the framework/libopencv_imgcodecs.3.4.dylib'>" UserInfo={NSLocalizedDescription=Couldn't load Info dictionary for <DVTFilePath:0x7ff472323d10:'/path of the framework/libopencv_imgcodecs.3.4.dylib'>} 2022-03-25 11:32:00 +0000  [OPTIONAL] Didn't find info dictionary for <DVTFilePath:0x7ff4725b10c0:'/path of the framework/libopencv_imgproc.3.4.dylib'>: Error Domain=DVTFoundationNSBundleAdditionsErrorDomain Code=1 "Couldn't load Info dictionary for <DVTFilePath:0x7ff4725b10c0:'/path of the framework/libopencv_imgproc.3.4.dylib'>" UserInfo={NSLocalizedDescription=Couldn't load Info dictionary for <DVTFilePath:0x7ff4725b10c0:'/path of the framework/libopencv_imgproc.3.4.dylib'>} 2022-03-25 11:32:00 +0000  [OPTIONAL] Didn't find info dictionary for <DVTFilePath:0x7ff46f5fd890:'/path of the framework/libopencv_core.3.4.dylib'>: Error Domain=DVTFoundationNSBundleAdditionsErrorDomain Code=1 "Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5fd890:'/path of the framework/libopencv_core.3.4.dylib'>" UserInfo={NSLocalizedDescription=Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5fd890:'/path of the framework/libopencv_core.3.4.dylib'>} 2022-03-25 11:32:00 +0000  [OPTIONAL] Didn't find info dictionary for <DVTFilePath:0x7ff46f5fc210:'/path of the framework/libglew-shared.2.2.0.dylib'>: Error Domain=DVTFoundationNSBundleAdditionsErrorDomain Code=1 "Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5fc210:'/path of the framework/libglew-shared.2.2.0.dylib'>" UserInfo={NSLocalizedDescription=Couldn't load Info dictionary for <DVTFilePath:0x7ff46f5fc210:'/path of the framework/libglew-shared.2.2.0.dylib'>} So the archive is not getting notarized. Didn’t get what I am doing wrong. Can any of you please help me to resolve this issue?

Hi. I have an archive package that contains multiple packages. One of the pkg has a network extension app. I normally notarized the top archive package and staple it. However, when I tried to install pkg, I keep encountering gatekeeper. I notarize and stape each of the pkg inside of the archives then create achieve package again and notarize/staple it. But again, I still see the same issues. Keeps seeing the gatekeeper. Am I missing something?

I have a flattened pkg file to notarize. It is signed at the build time by the Developer ID installer. Here is the output of a series of commands. check notarization status submit notarization and status check tatus of notarization after notarization complete. mtnview@C02YC2G0JGH5 ~/D/s/d/h/c/pkgs>spctl -a -vvv -t install ./foo.mac11.x86_64.pkg ./foo.mac11.x86_64.pkg: rejected source=Unnotarized Developer ID origin=Developer ID Installer: foo, Inc. (69Q4FM6AL9) mtnview@C02YC2G0JGH5 ~/D/s/d/h/c/pkgs> xcrun notarytool submit ./foo.mac11.x86_64.pkg --keychain-profile "AC_PASSWORD" --wait Conducting pre-submission checks for foo.mac11.x86_64.pkg and initiating connection to the Apple notary service... Submission ID received id: cc2d06be-fb07-4794-a92a-996ac07985fd Successfully uploaded file id: cc2d06be-fb07-4794-a92a-996ac07985fd path: /Users/mtnview/Documents/shared_vm/dev/hawkeye/cmake-macos/pkgs/foo.mac11.x86_64.pkg Waiting for processing to complete. Current status: Accepted.......... Processing complete id: cc2d06be-fb07-4794-a92a-996ac07985fd status: Accepted mtnview@C02YC2G0JGH5 ~/D/s/d/h/c/pkgs> spctl -a -vvv -t install ./foo.mac11.x86_64.pkg ./foo.mac11.x86_64.pkg: rejected source=Unnotarized Developer ID origin=Developer ID Installer: foo, Inc. (69Q4FM6AL9) Apple says it is accepted, but the status still says unnotarized Devloerp ID and rejected? Here is the log "logFormatVersion": 1, "jobId": "cc2d06be-fb07-4794-a92a-996ac07985fd", "status": "Accepted", "statusSummary": "Ready for distribution", "statusCode": 0, "archiveFilename": "foo.mac11.x86_64.pkg", "uploadDate": "2022-03-17T13:35:11.753Z", "sha256": "d5fa4e165df10b548f111a193fbbddceadcdc6a68307884dd5ae5f57a6bbe73a",

I'm signing my macOS application with a Developer ID Application Certificate and sending it to Apple's notary service. When I'm uploading the build from XCode I'm getting the following error: Failed retrieving request UUID for upload. You may have outstanding agreements to sign on App Store Connect. I've checked the following URLs and I don't have any new prompts for new agreements: https://developer.apple.com/account/ https://appstoreconnect.apple.com/ https://appstoreconnect.apple.com/agreements/#/ Is this a bug from Xcode/App Store Connect or does the message refer to other agreements that must be signed?

Hi, I have a PKG file which contains three packages: MyApp.pkg, MyOtherApp.pkg and MyLibs.pkg which contains all libraries and most of resources for these apps. Some libraries are common for both apps and some are specific for certain apps. After installation I have /Applications/MyApp.app, /Applications/MyOhterApp.app, /Libraries/MyAppLibs/Versions/1.2.3/. All these directories and PKG files are signed.  I want to make it possible to install or delete these apps separately. For example, if MyApp is already installed, then user may download and install only MyOtherApp.app and its specific libraries. When user deletes MyApp, deinstaller should delete MyApp.app and it's libraries not touching files used by MyOtherApp. I want to make MyApp to be able to install or delete some of its libraries. For example, when the user activates a feature, MyApp downloads libraries for this feature. Both goals assume that at least library directory will be modified. So the question is, will everything be alright with apps signing and notarization? I'm new to MacOS and I'm not sure if I fully understand it's security policy yet. I've done some experiments with manually deleting and changing files in both library and app directories. codesign and spctl utils show that directories are modified and signs are invalid, but the app launches and works without any problems even after I modified it's executable in MyApp.app. So it seems like  I can just don't care about signatures, but I think it is not a good solution, and I'm also not sure if it works for all users with different security settings. Maybe I should pack each library separately and install them in separate directories in /Libraries/MyAppLibs/Versions/ ? I've not tried it yet. It sounds ok, but it changes file structure of MyLibs and I expect some difficulties in adapting MyApp to it. So is there a way to do it right?