Stapler: Error Code 65

Question

Created Apr ’21

Replies 3

Boosts 0

Views 1.9k

Participants 2

I am trying to attach the ticket to our distribution after notarizing our pkg installer.

We use the following call:

Code Block xcrun stapler staple <installer-name>.pkg

Using this worked half a year ago just fine.

Now the following error message appears:

Code Block CloudKit query for <installer-name>.pkg (1/84b4221cdea9233651f8299c635f52ea24cbec5b) failed due to "Record not found".
Could not find base64 encoded ticket in response for 1/84b4221cdea9233651f8299c635f52ea24cbec5b
The staple and validate action failed! Error 65.

Boost

Answer 1

DTS Engineer OP

Apple

Apr ’21

This indicates that there is no notarised ticket for your installer package’s signature. Did you submit the installer package itself for notarisation? (As opposed to, say, an app inside the package.) If so, run --notarization-info, fetch the LogFileURL property, and confirm that there’s an entry for the package itself with the key 84b4221cdea9233651f8299c635f52ea24cbec5b.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

vroni22 OP

Apr ’21

Sorry for the late reply.

We rerun our notarization script (so there is a new UUID) and checked the notarization info and we think everything is okay?

We run the following command:

Code Block crun altool --notarization-info f2c3a1a0-cf49-4468-85ad-cc6b32a04251 --username <ourUsername --password <ourKeyChainItem>

And got the following reply:

Code Block 2021-04-26 13:40:28.891 altool[4068:136845] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called
No errors getting notarization info.
     Date: 2021-04-26 11:31:39 +0000
     Hash: 51b6a64aae9207050d4971062235ffb1a50f4c78def961e49ed9bf330e1399a2
  LogFileURL: https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma125/v4/e6/55/40/e65540ec-5b41-35d3-472a-39de22fae682/developer_log.json?accessKey=1619631630_7569357010336374604_TYObGxboDedxCLyfVHnC8CbBZ%2FyqrX3Puc%2FCsPG4az%2FwZhBKiihwyFB4J0GeWr5N3T959HsGAEtTOKDLpA3ArDZ0COCAEDESoXi9shVLV4XWiV4oMzmOKpuIOoN1wUclhwUldeU5%2FNEpg%2FQROZMqeDD71xpxLbnwmLRR%2BVNdEZ0%3D
  RequestUUID: f2c3a1a0-cf49-4468-85ad-cc6b32a04251
    Status: success
  Status Code: 0
Status Message: Package Approved

What are we overlooking?

0

Answer 3

DTS Engineer OP

Apple

Apr ’21

If you fetch that LogFileURL you’ll get the log for your notarisation request (you may need to rerun --notarization-info to refresh the URL). In that you’ll see a ticketContents array that lists the cdhash values for all the items that are covered by the ticket. There’s no entry for 84b4221cdea9233651f8299c635f52ea24cbec5b, which suggests that there’s a mismatch between what you notarised and what you’re trying to staple.

Try this:

Code Block  % shasum -a 256 `crowd-it_macosx_installer.pkg`

where crowd-it_macosx_installer.pkg is the exact file that you submitted for notarisation. I’d expect this to print a checksum of 51b6a64aae9207050d4971062235ffb1a50f4c78def961e49ed9bf330e1399a2, which is what you’ll find in the sha256 property in your notarisation log.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0