I created a new sample project and enabled hardened runtime. The code signing was successful and the app was successfully uploaded to the Apple notary service, as I received an Xcode notification regarding the notarized app export.
I have validated the code signing using the command below:
codesign -vvv --deep --strict '/Users/xxx/Downloads/NotarizedApp/AppNotaryAndDistrib.app'
which gives the following output:
/Users/xxx/Downloads/NotarizedApp/AppNotaryAndDistrib.app: valid on disk
/Users/xxx/Downloads/NotarizedApp/AppNotaryAndDistrib.app: satisfies its Designated Requirement
My requirement is to distribute the application software through a package installer. For this I created an installer package using the package tool [http://s.sudre.free.fr/Software/Packages/about.html]. The code signing of the installer package is also successful:
productsign --sign "Developer ID Installer: Team Name (Team Identifier)" "AppNotaryAndDistri.pkg" "AppNotaryAndDistri_1.0_Installer.pkg"
The output of the productsign command is below:
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: Team Name (Team Identifier)" from keychain /Users/xxx/Library/Keychains/login.keychain-db
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to AppNotaryAndDistri_1.0_Installer.pkg
To notarize the signed installer package, I used the following command:
xcrun altool --notarize-app --primary-bundle-id "application-bundle-id" --username "apple-account-id" --password "app-specific-password" --file AppNotaryAndDistri_1.0_Installer.pkg
which returns a request UUID successfully:
No errors uploading 'AppNotaryAndDistri_1.0_Installer.pkg'.
RequestUUID = 7f24e166-b47a-47d8-b09d-21268886351e
The notarization info command output is below:
RequestUUID: 7f24e166-b47a-47d8-b09d-21268886351e
Status: success
Status Code: 0
Status Message: Package Approved
Until now everything looks good with no error from Apple, and developer_log doesn't give any error either. But when I try stapling using
xcrun stapler staple 'AppNotaryAndDistri_1.0_Installer.pkg'
it gives the following error:
Could not validate ticket for /Users/xxx/Downloads/MacSigning/AppNotaryAndDistri/AppNotaryAndDistri_1.0_Installer.pkg
The staple and validate action failed! Error 65.
Tried the command below:
xcrun stapler staple -v 'AppNotaryAndDistri_1.0_Installer.pkg'
which says:
Downloaded ticket has been stored at file:/// path-to-ticket
Could not validate ticket for /Users/xxx/Downloads/MacSigning/AppNotaryAndDistri/AppNotaryAndDistri_1.0_Installer.pkg
The staple and validate action failed! Error 65.
The problem is that without stapling, when a user tries to install the software, the system shows an alert saying xxx.pkg can't be opened because Apple cannot check it for malicious software. I don't want users to see such alerts. I have been stuck on this for a week. Please let me know what is wrong in the process. Did I miss any step? Please assist...
Got this working!!
@eskimo's reply on this thread helped me finally.
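
The sign, notarize and staple sequence from this thread, written as a release gate that reports which step fails (an added example, not code from the original posts or from the reply mentioned above). The function names, the numeric return codes and the AC_PASSWORD environment variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: release gate for a signed installer package (macOS tools).
# Return codes 10/20/30/31/40 are hypothetical, chosen to name the failing step.

# Read `altool --notarization-info` output on stdin and print the value of the
# "Status:" field only (not "Status Code:" or "Status Message:").
notarization_status() {
    sed -n 's/^[[:space:]]*Status:[[:space:]]*//p' | head -n 1
}

# release_gate PKG REQUEST_UUID APPLE_ID
# The app-specific password is read by altool from $AC_PASSWORD (assumed name).
release_gate() {
    pkg=$1; uuid=$2; user=$3

    # 1. The installer signature must verify before anything else is trusted.
    pkgutil --check-signature "$pkg" >/dev/null 2>&1 || return 10

    # 2. Staple only when the notary service reports success for this request.
    status=$(xcrun altool --notarization-info "$uuid" --username "$user" \
                 --password "@env:AC_PASSWORD" 2>&1 | notarization_status)
    [ "$status" = "success" ] || return 20

    # 3. Attach the ticket, then confirm it validates against the package.
    xcrun stapler staple "$pkg" >/dev/null 2>&1 || return 30
    xcrun stapler validate "$pkg" >/dev/null 2>&1 || return 31

    # 4. Ask Gatekeeper for the verdict a user's machine would apply on install.
    spctl --assess -vv --type install "$pkg" >/dev/null 2>&1 || return 40
    return 0
}

# Run the gate only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    release_gate "$@"
    exit "$?"
fi
```

A return code of 30 corresponds to the situation described in this thread: the notary service reports success but `stapler staple` still fails.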