Python app keeps failing notarytool

Hi!

I am fairly new to Mac/Python development. I have written a Python script that includes the lovely CustomTkinter library. The app works, I have checked it extensively, but after creating an executable with both PyInstaller and py2app, my app keeps failing notarization. I have the developer account, I have the Developer ID application: Name (xxxxxxxxxx).

My last attempt with py2app, I try to codesign the .app bundle with:

codesign --deep --force --verbose --options=runtime --timestamp --sign "Developer ID Application: Lennert Esser (5823RMSZ52)" XYZ\ 2\ OSC.app

If I do that, I receive a clean message that:

XYZ 2 OSC.app: signed app bundle with Mach-O universal (x86_64 arm64) [com.myname.appname.app]

The verify of the code signature gives nice messages as well:

--prepared:/Users/lennert/Documents/SoftwareDevelopment/PythonLocal/Pozyx/dist/XYZ 2 OSC.app/Contents/MacOS/python
--validated:/Users/lennert/Documents/SoftwareDevelopment/PythonLocal/Pozyx/dist/XYZ 2 OSC.app/Contents/MacOS/python
....
XYZ 2 OSC.app: valid on disk
XYZ 2 OSC.app: satisfies its Designated Requirement

So I would say, so far so good...?

BUT.... if I try to notarize my archived .app bundle, the notarization fails, with looadddssss of errors, with both: "The signature does not include a secure timestamp." and "The binary is not signed with a valid Developer ID certificate."

I am completely stuck. Believe me, I have tried everything. Google, ChatGPT, multiple tries to codesign everything separately with:

find /path/to/my/app/contents -type f -exec codesign -s "Developer ID application: Name (xxxxxxxxxx)" {} \;

Please, please someone help me explain what I am doing wrong....

Update: the notarization errors are a little less in terms of amount... notarytool log :

"severity": "error", "code": null, "path": "XYZ 2 OSC.zip/XYZ 2 OSC.app/Contents/MacOS/XYZ 2 OSC", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "x86_64" (exact same message for "arm64")

"severity": "error", "code": null, "path": "XYZ 2 OSC.zip/XYZ 2 OSC.app/Contents/Frameworks/Python.framework/Python", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "x86_64" (exact same message for "arm64")

codesign --deep

Don’t do this. See --deep Considered Harmful for an explanation as to why not.

find /path/to/my/app/contents -type f -exec codesign

And don’t do that either. It’s like --deep, but worse O-:

When using third-party tooling, it’s best to follow the advice for that tooling. If the tooling doesn’t offer any advice, we have general instructions in:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
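
The reply above rules out both `--deep` and a blanket `find ... -exec codesign`; the usual alternative is to sign each nested code item separately, from the inside out, and the bundle last. The script below is an added example, not code from this thread or from Apple: it is a dry run that only prints the `codesign` commands in that order. The identity string is the placeholder from the question, and recognising code by file name and location is an assumption, so advice from py2app or PyInstaller takes precedence where it exists.

```shell
#!/bin/bash
# Added example: dry-run signing plan, nested code first, bundle last.
# IDENTITY is a placeholder; use your own Developer ID Application identity.
IDENTITY="Developer ID Application: Name (xxxxxxxxxx)"

# Print every code item in a bundle, one per line, so that each nested
# item appears before the item that contains it.
# Assumption: code is recognised by name and location only. A real build
# should confirm each file is Mach-O and follow its packaging tool's advice.
signing_order() {
    bundle=$1
    # -depth lists a directory's contents before the directory itself.
    find "$bundle" -depth \( -type f -o -type d \) -print |
    while IFS= read -r p; do
        if [ -d "$p" ]; then
            case "$p" in
                *.framework|*.app|*.bundle) printf '%s\n' "$p" ;;
            esac
        else
            case "$p" in
                *.dylib|*.so|*/Contents/MacOS/*) printf '%s\n' "$p" ;;
            esac
        fi
    done
}

# Turn the ordering into one codesign command per item. --timestamp and
# --options runtime address the secure-timestamp and hardened-runtime checks.
signing_plan() {
    signing_order "$1" | while IFS= read -r item; do
        printf 'codesign --force --timestamp --options runtime --sign "%s" "%s"\n' \
            "$IDENTITY" "$item"
    done
}

# Usage: ./plan.sh "dist/XYZ 2 OSC.app"   (prints commands, signs nothing)
if [ "$#" -gt 0 ]; then
    signing_plan "$1"
fi
```

The bundle's main executable appears in the list as well; signing the enclosing .app afterwards with `--force` signs it again, which is harmless.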
