Notarization Rejected for .pkg installer

Question

remarkablex OP

Created Oct ’19

Replies 2

Boosts 0

Views 3.1k

Participants 3

Hi

I have a vst plugin installer package (build with Whitebox Packages v 1.2.6) to be notarized. I get "Notarization is successful" mail from Apple. And also I don't get any error message from any of the process. But when it comes Notarization check - It's been Rejected!

I am following this procedure, am I missing something?

Sign the vst plugins with codesign

Build the .pkg with Whitebox Packages. (I don't use build-in digital signing tool, I use "productsign" in command line)

Signing the .pkg

productsign --sign "Developer ID Installer: XXXXXXX" "/Volumes/Data/Installer v1.1.0.pkg" "/Volumes/Data/Signed/Installer v1.1.0.pkg"

Notarization

xcrun altool --notarize-app -f "/Volumes/Data/Signed/Installer v1.1.0.pkg" --primary-bundle-id com.xxxxinstaller.pkg --username "xxxx" --password "xxxx"

After a couple of minutes, I get "Notarization is successful" mail from Apple

Time Staple - The staple and validate action worked!

xcrun stapler staple "/Volumes/Data/Signed/Installer v1.1.0.pkg"

Till now I don't get any error message from any of these process

Now it's time for checking - Code Sign Check - it is successful - Status: signed by a certificate trusted by Mac OS X

pkgutil --check-signature "/Volumes/Data/Signed/Installer v1.1.0.pkg"

But when it comes Notarization check - Rejected!

spctl -a -vvv -t install "/Volumes/Data/Signed/Installer v1.1.0.pkg" /Volumes/Data/Signed/Installer v1.1.0.pkg: rejected
source=Notarized Developer ID

When I check the log, it says

assessment denied for Installer v1.1.0.pkg com.apple.message.domain: com.apple.security.assessment.outcome2 com.apple.message.signature2: bundle:UNBUNDLED com.apple.message.signature3: Installer v1.1.0.pkg com.apple.message.signature5: UNKNOWN com.apple.message.signature4: 2

I really can't figure it out why it's keep saying "rejected" at the end :/

Boost

Answer 1

Das Goravani OP

Oct ’19

I can't get it to notarize a package, or a zip, it always says

*** Error: Unable to validate your application. We are unable to create an authentication session.

I even copy pasted edited my data into your commands as you gave them to see if your syntax has the mojo, but to no avail, same error.
I'm on the latest OS Mojave version, latest xcode 11, installed the command line tools, it worked to notarize a zip the other day, but now it won't work with the exact same command syntax, same folder location, everything the same, and it won't notarize, very frustrating

Your situation is especially frustrating as it appears to all complete correctly but then says rejected, very frustrating. Good luck. I have an email support request in with Apple to see what's up, hope they get back to me. I'll post here again if I learn anything useful.

0

Answer 2

nilesh.chate OP

Dec ’19

Not sure if it would help you but I was facing the same issue and observed that you will get 'rejected' status by 'spctl install' for notarized package if it was not downloaded from Apple app store and “App Store“ option is selected in the “Security & Privacy“ section of “System Preferences…”, 'spctl install' will result in 'accepted' status if you change it to “App Store and identified developers“.

0