The staple and validate action failed! Error 65.

I've tried to sign/notarize/staple my Electron app via electron-builder, using electron-notarize. I tried it as well in cmd line - both times, same result.

  • Code signing runs without a problem.
  • Notarize (I did wait two days first time, now it's couple of minutes)
  • Stapling - failure
`Downloaded ticket has been stored at file:///var/folders/....
Could not validate ticket for....
The staple and validate action failed! Error 65.
`

I've checked, and the tickets are downloaded to said folder.

My process:

`codesign --deep --force --options runtime \
  --entitlements build/entitlements.mac.plist \
  --sign "Developer ID Application: Pete..." \
  dist/mac-arm64/Modelist.app`

ditto -c -k --sequesterRsrc --keepParent dist/mac-arm64/Modelist.app dist/mac-arm64/Modelist.zip

xcrun notarytool submit dist/mac-arm64/Modelist.zip \
  --apple-id "email" \
  --password "app_specific_pass" \
  --team-id "team_id" \
  --wait
Conducting pre-submission checks for Modelist.zip and initiating connection to the Apple notary service...
Submission ID received
  id: 8fa0b3d3-291...
Upload progress: 100,00% (98,1 MB of 98,1 MB)
Successfully uploaded file
  id: 8fa0b3d3-291...
  path: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.zip
Waiting for processing to complete.
Current status: Accepted.............
Processing complete
  id: 8fa0b3d3-291...
  status: Accepted
xcrun stapler staple dist/mac-arm64/Modelist.app
Processing: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
Could not validate ticket for /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
The staple and validate action failed! Error 65.
  • The certs were installed via XCode.
  • Variables are all exported in env.
  • I followed the instructions for electron-builder from here: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/

I'm sure I made a stupid little mistake, but after hours of arguing with ChatGPT we are going in circles and after clicking on almost every link in Google, I'm kindda lost.

Answered by DTS Engineer in 821877022

Error 65 means that there is no ticket for the thing you’re trying to staple. The usually means that your notarisation failed but, as you’ve shown here, the notarisation actually succeeded. So either you’re stapling something that you didn’t notarise or the notary service didn’t recognise all of your code, and thus failed to include the relevant value in your ticket.

Before you start debugging this specific problems, there are two parts to your process that you need to fix. The first is this:

Written by PeteMinus in 772807021
codesign --deep --force --options runtime …

Don’t sign code with --deep. See --deep Considered Harmful for an explanation as to why that’s bad. For advice on how to sign and package your code, see:

The second fix relates to this:

Written by PeteMinus in 772807021
ditto -c -k --sequesterRsrc --keepParent dist/mac-arm64/Modelist.app dist/mac-arm64/Modelist.zip

The --sequesterRsrc option is wrong. I talk about what that attribute does in Extended Attributes and Zip Archives. It’s wrong here because:

  • Apps shouldn’t rely on extended attributes. In some cases that’s unavoidable, but in the vast majority of cases there shouldn’t be any extended attributes to sequester.

  • The notary service doesn’t recognised sequestered extended attributes, so if there are any important attributes in there then things are going to end badly.

I recommend that you start by investigating what extended attributes your app has. There are two that particularly problematic:

  • Quarantine attribute — That is, com.apple.quarantine.

  • Code signature attributes — That is, com.apple.cs.*. See TN3126 Inside Code Signing: Hashes for more on that.

If you have the quarantine attribute, you should remove it. Don’t just strip it from the app you submit, but track down how your build system added it and then remove it from the source.

If you have any code signature attributes then lemme know, because those are more subtle.


Once you’ve dealt with the above, you can retry this process. If you continue to have problems, check that the following cdhash values line up:

  • The value for the app you’re trying to stapler. Dump this using codesign --display -vvv.

  • The value that stapler is looking for. Add a -v option to the command to get it to show you the value.

  • The values in the notarised ticket. You’ll see these in the notary log. See Fetching the Notary Log for info on how to get that.


I have a lot more info about this stuff in Notarisation Resources. Specifically, check out Notarisation Fundamentals.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Error 65 means that there is no ticket for the thing you’re trying to staple. The usually means that your notarisation failed but, as you’ve shown here, the notarisation actually succeeded. So either you’re stapling something that you didn’t notarise or the notary service didn’t recognise all of your code, and thus failed to include the relevant value in your ticket.

Before you start debugging this specific problems, there are two parts to your process that you need to fix. The first is this:

Written by PeteMinus in 772807021
codesign --deep --force --options runtime …

Don’t sign code with --deep. See --deep Considered Harmful for an explanation as to why that’s bad. For advice on how to sign and package your code, see:

The second fix relates to this:

Written by PeteMinus in 772807021
ditto -c -k --sequesterRsrc --keepParent dist/mac-arm64/Modelist.app dist/mac-arm64/Modelist.zip

The --sequesterRsrc option is wrong. I talk about what that attribute does in Extended Attributes and Zip Archives. It’s wrong here because:

  • Apps shouldn’t rely on extended attributes. In some cases that’s unavoidable, but in the vast majority of cases there shouldn’t be any extended attributes to sequester.

  • The notary service doesn’t recognised sequestered extended attributes, so if there are any important attributes in there then things are going to end badly.

I recommend that you start by investigating what extended attributes your app has. There are two that particularly problematic:

  • Quarantine attribute — That is, com.apple.quarantine.

  • Code signature attributes — That is, com.apple.cs.*. See TN3126 Inside Code Signing: Hashes for more on that.

If you have the quarantine attribute, you should remove it. Don’t just strip it from the app you submit, but track down how your build system added it and then remove it from the source.

If you have any code signature attributes then lemme know, because those are more subtle.


Once you’ve dealt with the above, you can retry this process. If you continue to have problems, check that the following cdhash values line up:

  • The value for the app you’re trying to stapler. Dump this using codesign --display -vvv.

  • The value that stapler is looking for. Add a -v option to the command to get it to show you the value.

  • The values in the notarised ticket. You’ll see these in the notary log. See Fetching the Notary Log for info on how to get that.


I have a lot more info about this stuff in Notarisation Resources. Specifically, check out Notarisation Fundamentals.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks Quinn! I appreciate your detailed response and all the links. I followed your advice and I dropped the --deep and the --sequesterRsrc attributes and tried again. As well checked everything recommended. Unfortunately, no difference to end result.

Further on exploring, I did a few more small steps. As I believe it's something with the setup on my machine. I removed every single certificate that even remotely resembles app building/signing from KeyChain and added them back in from XCode (double-checked again its latest version). I did also what I would do on Windows - restarted the machine. Re-set the keychain, env variables, etc...

Still, stuck at the same error.

I've attached a log of my process and outputs if anyone can spot something I missed and I'm doing it wrong. Much appreciated!

The steps

  • build a fresh app
  • sign all the components first, then the app
  • make sure everything is signed
  • delete the old one and create a new zip package
  • send for notarization
  • stapling... Error 65

All the IDs I've checked, match. All the timestamps are there. Even used --preserve-metadata with signing...

Funny thing is, even though my build script is not entirely correct, on GitHub Actions with the same vars and certs (copy&paste), and it staples the damn thing. Not the flow I prefer, but I guess I'll have to make that one work.

➜  modelist2 git:(main) ✗ codesign --verify --deep --strict --verbose=4 "dist/mac-arm64/Modelist.app"
dist/mac-arm64/Modelist.app: code object is not signed at all
In architecture: arm64
➜  modelist2 git:(main) ✗ >....
entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib"

# Sign helpers
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt"

# Sign frameworks
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Squirrel.framework"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Mantle.framework"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/ReactiveObjC.framework"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework"

# Sign helper apps
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Plugin).app"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (GPU).app"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Renderer).app"
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper.app"

# Sign the main app bundle
codesign --force --verify --verbose --sign "Developer ID Application: Peter Pohar (C5T7289V73)" --entitlements assets/entitlements.mac.plist --options runtime --timestamp "dist/mac-arm64/Modelist.app"
dist/mac-arm64/Modelist.app/Contents/Resources/app.asar.unpacked/node_modules/better-sqlite3/build/Release/better_sqlite3.node: signed Mach-O thin (arm64) [better_sqlite3]
dist/mac-arm64/Modelist.app/Contents/Resources/app.asar.unpacked/node_modules/@img/sharp-libvips-darwin-arm64/lib/libvips-cpp.42.dylib: signed Mach-O thin (arm64) [libvips-cpp.42]
dist/mac-arm64/Modelist.app/Contents/Resources/app.asar.unpacked/node_modules/@img/sharp-darwin-arm64/lib/sharp-darwin-arm64.node: signed Mach-O thin (arm64) [sharp-darwin-arm64]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libEGL.dylib: signed Mach-O thin (arm64) [libEGL]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib: signed Mach-O thin (arm64) [libvk_swiftshader]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libGLESv2.dylib: signed Mach-O thin (arm64) [libGLESv2]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib: signed Mach-O thin (arm64) [libffmpeg]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler: signed Mach-O thin (arm64) [chrome_crashpad_handler]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt: signed Mach-O thin (arm64) [ShipIt]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Squirrel.framework: signed bundle with Mach-O thin (arm64) [com.github.Squirrel]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Mantle.framework: signed bundle with Mach-O thin (arm64) [org.mantle.Mantle]
dist/mac-arm64/Modelist.app/Contents/Frameworks/ReactiveObjC.framework: signed bundle with Mach-O thin (arm64) [com.electron.reactive]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework: signed bundle with Mach-O thin (arm64) [com.github.Electron.framework]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Plugin).app: signed app bundle with Mach-O thin (arm64) [com.modelist.app.helper.Plugin]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (GPU).app: signed app bundle with Mach-O thin (arm64) [com.modelist.app.helper.GPU]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Renderer).app: signed app bundle with Mach-O thin (arm64) [com.modelist.app.helper.Renderer]
dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper.app: signed app bundle with Mach-O thin (arm64) [com.modelist.app.helper]
dist/mac-arm64/Modelist.app: signed app bundle with Mach-O thin (arm64) [com.modelist.app]


➜  modelist2 git:(main) ✗ codesign --verify --deep --strict --verbose=4 "dist/mac-arm64/Modelist.app"
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Plugin).app
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Plugin).app
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Mantle.framework/Versions/Current/.
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/ReactiveObjC.framework/Versions/Current/.
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Mantle.framework/Versions/Current/.
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/ReactiveObjC.framework/Versions/Current/.
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Squirrel.framework/Versions/Current/.
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (GPU).app
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (GPU).app
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Squirrel.framework/Versions/Current/.
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Renderer).app
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper (Renderer).app
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper.app
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Modelist Helper.app
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
--prepared:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/Helpers/chrome_crashpad_handler
--validated:/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/Frameworks/Electron Framework.framework/Versions/Current/.
dist/mac-arm64/Modelist.app: valid on disk
dist/mac-arm64/Modelist.app: satisfies its Designated Requirement

➜  modelist2 git:(main) ✗ ditto -c -k --keepParent "dist/mac-arm64/Modelist.app" "dist/mac-arm64/Modelist.zip"

➜  modelist2 git:(main) ✗ xcrun notarytool submit "dist/mac-arm64/Modelist.zip" \
  --keychain-profile "Modelist" \
  --wait
Conducting pre-submission checks for Modelist.zip and initiating connection to the Apple notary service...
Submission ID received
  id: e86e92e3-06d1-4dff-aeda-e2e801876992
Upload progress: 100,00% (108 MB of 108 MB)
Successfully uploaded file
  id: e86e92e3-06d1-4dff-aeda-e2e801876992
  path: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.zip
Waiting for processing to complete.
Current status: Accepted............
Processing complete
  id: e86e92e3-06d1-4dff-aeda-e2e801876992
  status: Accepted

➜  modelist2 git:(main) ✗ xcrun stapler staple "dist/mac-arm64/Modelist.app"
Processing: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
Could not validate ticket for /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
The staple and validate action failed! Error 65.


➜  modelist2 git:(main) ✗ codesign --display --verbose=4 dist/mac-arm64/Modelist.app
Executable=/Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app/Contents/MacOS/Modelist
Identifier=com.modelist.app
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=764 flags=0x10000(runtime) hashes=13+7 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=917504
Hash type=sha256 size=32
CandidateCDHash sha256=927bbceaf4b514c368c42b54b47d9cd6dcf3fff5
CandidateCDHashFull sha256=927bbceaf4b514c368c42b54b47d9cd6dcf3fff59cd88e388cda5fe384aedb6b
Hash choices=sha256
CMSDigest=927bbceaf4b514c368c42b54b47d9cd6dcf3fff59cd88e388cda5fe384aedb6b
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=16384
Executable Segment flags=0x1
Page size=4096
CDHash=927bbceaf4b514c368c42b54b47d9cd6dcf3fff5
Signature size=8972
Authority=Developer ID Application: Peter Pohar (C5T7289V73)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=22 Jan 2025 at 17:20:31
Info.plist entries=30
TeamIdentifier=C5T7289V73
Runtime Version=14.0.0
Sealed Resources version=2 rules=13 files=770
Internal requirements count=1 size=176


➜  modelist2 git:(main) ✗ xcrun stapler staple -v dist/mac-arm64/Modelist.app
Processing: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
Properties are {
    NSURLIsDirectoryKey = 1;
    NSURLIsPackageKey = 1;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = Application;
    NSURLTypeIdentifierKey = "com.apple.application-bundle";
    "_NSURLIsApplicationKey" = 1;
}
Props are {
    cdhash = {length = 20, bytes = 0x927bbceaf4b514c368c42b54b47d9cd6dcf3fff5};
    digestAlgorithm = 2;
    flags = 65536;
    secureTimestamp = "2025-01-22 16:20:31 +0000";
    signingId = "com.modelist.app";
    teamId = C5T7289V73;
}
JSON Data is {
    records =     (
                {
            recordName = "2/2/927bbceaf4b514c368c42b54b47d9cd6dcf3fff5";
        }
    );
}
 Headers: {
    "Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is  { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
    Connection =     (
        "keep-alive"
    );
    "Content-Encoding" =     (
        gzip
    );
    "Content-Type" =     (
        "application/json; charset=UTF-8"
    );
    Date =     (
        "Wed, 22 Jan 2025 16:35:26 GMT"
    );
    Server =     (
        "AppleHttpServer/d2dcc6a0a5e3"
    );
    "Strict-Transport-Security" =     (
        "max-age=31536000; includeSubDomains;"
    );
    "Transfer-Encoding" =     (
        Identity
    );
    Via =     (
        "xrail:st53p00ic-qujn14040702.me.com:8301:24R643:grp60,631194250daa17e24277dea86cf30319:c7534d9b8dcee1f5188f194eaae79fe1:defra2"
    );
    "X-Apple-CloudKit-Version" =     (
        "1.0"
    );
    "X-Apple-Edge-Response-Time" =     (
        107
    );
    "X-Apple-Request-UUID" =     (
        "0caed1f3-7b8e-4893-ad50-45030134f9ec"
    );
    "X-Responding-Instance" =     (
        "ckdatabasews:16305801:st42p63ic-ztfb09170401:8807:2433B76:f180568a116b20f4858dff0d336ea327e38705c4"
    );
    "access-control-expose-headers" =     (
        "X-Apple-Request-UUID,X-Responding-Instance,Via"
    );
    "x-apple-user-partition" =     (
        63
    );
} }
Size of data is 3293
JSON Response is: {
    records =     (
                {
            created =             {
                deviceID = 2;
                timestamp = 1737562941510;
                userRecordName = "_b133e60953755a92966d7ca08d9c731a";
            };
            deleted = 0;
            fields =             {
                signedTicket =                 {
                    type = BYTES;
                    value = "czhjaAEAAADwBQAAkgEAADCCBewwggL+MIICpKADAgECAggS6z81d0Y99DAKBggqhkjOPQQDAjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTI0MDIyNzE5MDk1MloXDTI1MDMyODE5MDk1MVowRDEgMB4GA1UEAwwXU29mdHdhcmUgVGlja2V0IFNpZ25pbmcxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP2wYbs8l1tdjjC4moUmxwtFcJCXIM1ryytRBDDhag/RqLXVZ0Xmu5UeGj/PFrS0mzpJY1et/5VbkzAoAFNdXy6OCAVAwggFMMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUeke6OIoVJEgiRs2+jxokezQDKmkwQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFzaWNhNDAyMIGWBgNVHSAEgY4wgYswgYgGCSqGSIb3Y2QFATB7MHkGCCsGAQUFBwICMG0Ma1RoaXMgY2VydGlmaWNhdGUgaXMgdG8gYmUgdXNlZCBleGNsdXNpdmVseSBmb3IgZnVuY3Rpb25zIGludGVybmFsIHRvIEFwcGxlIFByb2R1Y3RzIGFuZC9vciBBcHBsZSBwcm9jZXNzZXMuMB0GA1UdDgQWBBSIfta1TfagZ+w9FUWszkFcIx8azzAOBgNVHQ8BAf8EBAMCB4AwEAYKKoZIhvdjZAYBHgQCBQAwCgYIKoZIzj0EAwIDSAAwRQIgF94lgs2mkB511fXwFmsL9xvVjbE95eYTuWh08hkPOyQCIQCi0JxTRPx4fK4ICs1IlOD6y4Jj2/AyGD8YCVKFqJCDuzCCAuYwggJtoAMCAQICCDMN7vi/TGguMAoGCCqGSM49BAMDMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE3MDIyMjIyMjMyMloXDTMyMDIxODAwMDAwMFowcjEmMCQGA1UEAwwdQXBwbGUgU3lzdGVtIEludGVncmF0aW9uIENBIDQxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAZrpFZvfZ8n0c42jpIbVs1UNmRKyZRomfrJIH7i9VgP3OJq6xlHLy7vO6QBtAETRHxaJq2gnCkliuXmBm9PfFqjgfcwgfQwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS7sN6hWDOImqSKmd6+veuv2sskqzBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGVyb290Y2FnMzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZXJvb3RjYWczLmNybDAdBgNVHQ4EFgQUeke6OIoVJEgiRs2+jxokezQDKmkwDgYDVR0PAQH/BAQDAgEGMBAGCiqGSIb3Y2QGAhEEAgUAMAoGCCqGSM49BAMDA2cAMGQCMBUMqY7Gr5Zpa6ef3VzUA1lsrlLUYMaLduC3xaLxCXzgmuNrseN8McQneqeOif2rdwIwYTMg8Sn/+YcyrinIZD12e1Gk0gIvdr5gIpHx1Tp13LTixiqW/sYJ3EpP1STw/MqyZzh0awIAFAASAAAAAAAAAD0bkWcAAAAAApJ7vOr0tRTDaMQrVLR9nNbc8//1AjtRcgyG5IkRI6bmDYCNgQv6ST31AjtaB6ldi45lIYLEBvwh4NEPZx8xAvdNBq4hawraOHIZOuun+ZogOIKPArNB7PZaF+uscSKqxIRpv1PsZps9ArHKJ+KxFwe7MGKfiPEQ4WsHgF5FAnAvWEH9U9gdpsErisSUKpDQxTuFAgK6wpdmfTQcJuAqLp8M60GHmD1HAiAkbxpfv2k6gwykM2z9mLGgzGxAAiHGH3HX6cho3riv6pLYu+CIYub4AspLbBdmjehJmrzm/nUWNybYxQekAg6Nv2CrBCug07U1Uq9z2Me5/oGzAoOegvReL1vD4lOjwjN5eweSOjoEAlMyzmpAVbsLoqLFaLRHtGuIcurcAjcJIeFlxdNnHun1u2L1JEQ6R+spAoRPZtaeVbcVMz3CPLoGBbvIOITMAoTDzy6wCJ9UcTXoXa05CLimmrC7Aod2ECAe6FkaqVQ39uhWojZef4auMEQCIDp/ZtvVxLYtncA454JNWBIkGA70Y4+Pg4nnZ3O/bhEvAiAldKZ8VHW8oTmF1wZLYqDVmHA9rp6DB+sTEuv+HNyg9wAA";
                };
            };
            modified =             {
                deviceID = 2;
                timestamp = 1737562941510;
                userRecordName = "_b133e60953755a92966d7ca08d9c731a";
            };
            pluginFields =             {
            };
            recordChangeTag = m6844282;
            recordName = "2/2/927bbceaf4b514c368c42b54b47d9cd6dcf3fff5";
            recordType = DeveloperIDTicket;
        }
    );
}
Downloaded ticket has been stored at file:///var/folders/gx/sfyb5wd54q14zr7j7dgjlrx80000gn/T/0caed1f3-7b8e-4893-ad50-45030134f9ec.ticket.
Could not validate ticket for /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
The staple and validate action failed! Error 65.

For anyone who comes across this thread, I’ll keep it updated with any new developments. So far, it seems to be an issue with my machine. I can’t even open apps after downloading them. For example: Apple could not verify “Visual Studio Code” is free of malware that may harm your Mac or compromise your privacy. Gatekeeper is set to "App Store & Known Developers"

Having said that, I believe stapling issues are connected.

[Sorry I didn’t respond sooner. I wasn’t notified of your recent updates )-: ]

In the log there’s this message:

Could not validate ticket for …/Modelist.app

That suggests that it found the ticket but failed to validate its signature. It’s very likely that the ticket was delivered correctly, meaning that there’s a trust evaluation problem.

One common cause of such problems is folks monkeying with trust settings. What do these commands show on your machine?

% security dump-trust-settings   
SecTrustSettingsCopyCertificates: No Trust Settings were found.
% security dump-trust-settings  -d
SecTrustSettingsCopyCertificates: No Trust Settings were found.

If that doesn’t turn up anything interesting, my next suggestion is that you create a new local user account (in System Settings > Users & Groups) and retry the stapling there. That’ll tell you whether the issue is tied to your machine or to your account.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The staple and validate action failed! Error 65.
 
 
Q