Is Apple's Timestamp Server Acting Up?

I'm hitting an error in codesign. It's reporting "The timestamp service is not available." Are other people hitting this error?

I confirmed that if I use -timestamp=none, it works (but of course I cannot notarize). So I'm inclined to believe that the error message actually means what it says.

I tried rebooting, checked my certificates haven't expired, and tried using three different LANs to eliminate networking issues.

The app I'm signing is Electron, and I've noticed that the specific file it dies on changes each time. That makes me suspect the timestamp service might be only working intermittently.

Up vote post of jesmith Down vote post of jesmith
1.9k views
Posted by
jesmith
Reply
Add a Comment

Replies

As a workaround I tweaked my build script to call codesign again and again if it fails, and that seems to have solved my issue (at the expense of time). So it definitely seems that the timestamp server is flaking out.

Posted by
jesmith
Up vote reply of jesmith Down vote reply of jesmith
Add a Comment

So it definitely seems that the timestamp server is flaking out.

Quite. If you see this again, please trigger a sysdiagnose log immediately after seeing the problem and then put that in a bug report.

It would also be helpful if you could attach a packet trace that covers the duration of the failure. One way to do this is to run tcpdump in its rotate mode, using -W with either -C or -G, and then stop it after seeing the error. Still, I realise that this is going above and beyond so if you’re not up for it then just a bug report with a sysdiagnose would be fab.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Okay, I did all that. I used Feedback Assistant and was assigned FB9724101.

Posted by
jesmith
Up vote reply of jesmith Down vote reply of jesmith

  • Thank you!

    eskimo
Add a Comment

Another on Ventura: FB11762161

Posted by
Smithers
Up vote reply of Smithers Down vote reply of Smithers
Add a Comment

Another on Ventura: FB11762161

Thanks.

The next time this crops up, check out my advice in this post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

There can be an another issue, if you're extremely unlucky FB13701209

In short, if there are approximately 30 seconds between codesign calls, this could cause race in a timestamp service. If codesign will be called After ~29.9 seonds of The Timestamp service will lmar conneciton as initiated, Will perform some work, and after 0.1 second will receive socked_closed Timestamp service will treat this as unexpected connection termination, and will reply to the codesign with somewhat error. Codesign will fail, and the build will as well.

Woekarounds:

  • call 'fake' codesigns
  • manually terminate XPCTimeStampingService between build phases that won't require codesigning for a long time (30 sec)

You can try to find what's going on with

sudo log collect --start *** and search for codesign, and / or XPCTimeStampingService calls

Posted by
paul258
Up vote reply of paul258 Down vote reply of paul258
Add a Comment