Hello,
I am trying without luck to create a .dmg or .pkg for my electron app that can be opened by any user on a mac. Every time I fail. All is happening by the same pattern. Here is the last try with creating a .pkg instead of .dmg.
The app is built and it is signed correctly (I suppose)
codesign --verify --verbose=1 dist/mac-universal/VIVIDTIME.app
dist/mac-universal/VIVIDTIME.app: valid on disk
dist/mac-universal/VIVIDTIME.app: satisfies its Designated Requirement
I created a .pkg
pkgbuild --root "dist/mac-universal/VIVIDTIME.app" \
--install-location "/Applications/VIVIDTIME.app" \
--identifier "app.vividtime.mac" \
--version "1.1.0" \
--sign "Developer ID Installer: Pavel Bochkov-Rastopchin (2QKDCTR5Y3)" \
dist/VIVIDTIME.pkg
pkgbuild: Inferring bundle components from contents of dist/mac-universal/VIVIDTIME.app
pkgbuild: Adding component at Contents/Frameworks/Mantle.framework
pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper.app
pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (GPU).app
pkgbuild: Adding component at Contents/Frameworks/Electron Framework.framework
pkgbuild: Adding component at Contents/Frameworks/Squirrel.framework
pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (Renderer).app
pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (Plugin).app
pkgbuild: Adding component at Contents/Frameworks/ReactiveObjC.framework
pkgbuild: Using timestamp authority for signature
pkgbuild: Signing package with identity "Developer ID Installer: Pavel Bochkov-Rastopchin (2QKDCTR5Y3)" from keychain /Users/innrvoice/Library/Keychains/login.keychain-db
pkgbuild: Adding certificate "Developer ID Certification Authority"
pkgbuild: Adding certificate "Apple Root CA"
pkgbuild: Wrote package to dist/VIVIDTIME.pkg
Notarization
RSS for tagNotarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.
Post
Replies
Boosts
Views
Activity
I had submitted my app for notarization and it shows the below error -
"status": "Rejected",
"statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.",
"statusCode": 7000,
I have raised a ticket in the support but no reply yet.
Kindly help ASAP
I have an app that only crashes once it's been notarised. I read a few posts that essentially said before trying to identify issues by reviewing the crash report I should ensure signing and notarisation has happened correctly.
I've worked through the document "Resolving common notarization issues"
spctl -vvv --assess --type exec: gives no errors and correctly returns my developer id.
codesign -dvv: returns a timestamp
My app uses a hardened runtime.
My app shows up in Xcode as a macOS Archive (e.g not a Generic Xcode Archive)
Here is the crash report.
Translated Report (Full Report Below)
Process: Scene Finder [44479]
Path: /Users/USER/Downloads/Scene Finder.app/Contents/MacOS/Scene Finder
Identifier:
Version: 0.9 (20250206.1)
Code Type: ARM-64 (Native)
Parent Process: launchd [1]
User ID: 501
Date/Time: 2025-02-11 13:09:03.7786 +1000
OS Version: macOS 15.3 (24D60)
Report Version: 12
Anonymous UUID: EE8B1269-0A8A-3AB6-516B-C752E8A18B5A
Sleep/Wake UUID: 436CD7CF-7B13-4A9C-9425-7EF94CC007A9
Time Awake Since Boot: 98000 seconds
Time Since Wake: 9524 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Termination Reason: Namespace SIGNAL, Code 6 Abort trap: 6
Terminating Process: Scene Finder [44479]
Hi everyone,
Native Instruments is encountering a critical issue with the notarization process. The xcrun notary submit command appears to be stuck and is not completing, preventing us from notarizing our apps.
Specifically, the command hangs indefinitely.
This issue started today. We've already tried the following troubleshooting steps:
Cancelling and re-running the command
Checking my internet connection
Checking the Apple System Status page
Cleaning the build folder
using a different machine
This is a major blocker for our company, as it's preventing from from us from testing and releasing some of our products.
It seems to be a similar issue as reported in https://developer.apple.com/forums/thread/772542?page=2.
Has anyone else experienced xcrun notary submit getting stuck like this? Any insights or suggestions would be greatly appreciated. I'm particularly interested in knowing if there are any known issues with the notarization service currently.
Details about my setup:
Xcode Version: 16.1
macOS Version: 14.7.1
App Type: macOS app
Thanks in advance for your help!
A few hours ago, it took 3 minutes to get the notarization phase of our build done... now I've got one that's been running for 25 minutes and hasn't finished yet. The last time this happened, the waits got up to multiple hours, and the status page didn't get updated.
I have created a Mac Catalyst version of the same app, and it was transferred from an old account to a new one. However, the Mac Catalyst build has been stuck in progress for several days when attempting to notarize it.
After many days, I got the rejection with the following error:
Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.
I have already tried to create a new developer ID certificate, but it still has the same issue. On the other hand, the iOS app is working fine and has been published in the App Store.
Could you please assist us in resolving this issue as quickly as possible? Your prompt help would be greatly appreciated.
Notarization has been stuck for hours in "Current Status: In Progress...."
Should I keep on waiting or restart the process. If I need to restart the process, how should I go about and do that?
Hello Apple Developer Community,
I’m encountering an issue where my macOS app (signed with a valid ‘Developer ID Application’ certificate and accepted by Apple’s notary service) fails when I attempt to staple the notarization ticket. The Apple notary service reports ‘Accepted’ each time, but xcrun stapler staple always returns Error 65, with the local check (spctl -a -vvv) showing ‘Unnotarized Developer ID.’
Here are some key points:
Certificate: I have a valid ‘Developer ID Application’ certificate (unexpired) in my login and system keychains, with Apple’s intermediate certificates also installed and set to System Defaults or Always Trust.
Notarization: Regardless of whether I submit a .zip of the .app or the final .dmg for notarization, notarytool reports ‘Accepted.’
Stapling: xcrun stapler staple (or notarytool staple) on the exact file I uploaded fails with Error 65, claiming it can’t validate the downloaded ticket.
Environment Checks:
Checked for duplicate or outdated certificates—only one Developer ID remains.
Repeated on multiple code-signed builds (both .app and .dmg) with the same result.
Manually tested code-signing the .app with entitlements (for the hardened runtime) and then signing the .dmg without entitlements.
Logs: The relevant excerpt from stapler indicates “Could not validate ticket for [app]. The staple and validate action failed! Error 65,” even though Apple’s notary service claims success.
Could you please advise any additional troubleshooting steps or possible causes for local validation failure after a successful notarization? I’ve already ensured the environment is up to date with valid intermediates, only one Developer ID certificate. Any insight on diagnosing ticket mismatch or known tool bugs with Error 65 would be appreciated.
Thank you!
I have built a flutter desktop app and I notarized it. I have to distribute it directly as I cannot turn on App Sandboxing due to the functions included in the application.
I created a build of the app from Xcode and then uploaded it for notarization and it was successfully notarized.
If I compress that app into a .zip and share it over the internet, it successfully opens on any computer.
But when I create a dmg using appdmg from npm and I try to distribute it, it does not open and shows me the option to either move to bin or cancel.
When I notarize the dmg using the command:
xcrun notarytool submit "YourApp.dmg"
--apple-id "email"
--password "app-specific-password"
--team-id "YOUR_TEAM_ID"
--wait
It notarizes successfully.
I have also done:
xcrun stapler staple "YourApp.dmg"
And validated it but it does not seem to work when I distribute it over the internet by uploading on my website.
It is a bit strange that when I distribute the notarized app, it does not show any error when distributed over the internet by uploading on my website and then downloading but for a notarized dmg, which is properly signed, it gives that error that wether move to bin or do nothing.
Would love someone's help on this!
I'm new to notarizing applications. I'm building an Electron application using electron-packager. The signing looks solid:
codesign -vvv --deep --strict path/to/app.app
# satisfies its Designated Requirement
But checking notarization, looks like it didn't work.
spctl --assess -vv path/to/app.app
# source=Unnotarized Developer ID
# origin=Developer ID Application: Tyson XXXX (XXXXX)
I'm wondering how to fix the "Unnotarized Developer ID".
Thanks!
Hello,
I've been trying to notarize a Unity 2023.2 app since yesterday, but our submissions stay stuck in In Progress. The first one has been running for 18 hours now with no signs of stopping, and two more attempts have been made since with no results.
Here are the submission IDs in case someone on the team wants to take a look:
00ef6def-601b-46f3-a94f-699d8956a28f
d03f5748-2261-430c-934e-14fa9679afd9
a42d3b5c-3cdb-4bf2-9c86-c92320358ff3
Thank you!
I keep having issues with my account. I have certificates that will not revoke. I create new certificates, then I create new profiles for development, distribution and for developer ID application distribution outside of the app store as well. With my app in Xcode, I can only get the Developer profile to work to allow builds. My distribution profile builds and then fails, with an error 5. The Developer ID Application profile will not even accept the profile in XCode, sighting that there is no code signing, yet I have checked things over and over again. Ontop of this, I had developers in the past in my team and they added a whole lot of certificates for Developer ID that I just cannot use now. I also cannot revoke them. I have no active apps on the app store now, so I was wondering if Apple or someone can assist me in removing ALL the certificates, all the profiles and get a clean slate, so that I can setup everything from scratch again, because I have lost countless of hours getting nowhere and I cannot get Apple support to assist? Anyone been through this before?
I keep having issues with my account. I have certificates that will not revoke. I create new certificates, then I create new profiles for development, distribution and for developer ID application distribution outside of the app store as well. With my app in Xcode, I can only get the Developer profile to work to allow builds. My distribution profile builds and then fails, with an error 5. The Developer ID Application profile will not even accept the profile in XCode, sighting that there is no code signing, yet I have checked things over and over again. Ontop of this, I had developers in the past in my team and they added a whole lot of certificates for Developer ID that I just cannot use now. I also cannot revoke them.
I have no active apps on the app store now, so I was wondering if Apple or someone can assist me in removing ALL the certificates, all the profiles and get a clean slate, so that I can setup everything from scratch again, because I have lost countless of hours getting nowhere and I cannot get Apple support to assist? Anyone been through this before?
I've tried to sign/notarize/staple my Electron app via electron-builder, using electron-notarize. I tried it as well in cmd line - both times, same result.
Code signing runs without a problem.
Notarize (I did wait two days first time, now it's couple of minutes)
Stapling - failure
`Downloaded ticket has been stored at file:///var/folders/....
Could not validate ticket for....
The staple and validate action failed! Error 65.
`
I've checked, and the tickets are downloaded to said folder.
My process:
`codesign --deep --force --options runtime \
--entitlements build/entitlements.mac.plist \
--sign "Developer ID Application: Pete..." \
dist/mac-arm64/Modelist.app`
ditto -c -k --sequesterRsrc --keepParent dist/mac-arm64/Modelist.app dist/mac-arm64/Modelist.zip
xcrun notarytool submit dist/mac-arm64/Modelist.zip \
--apple-id "email" \
--password "app_specific_pass" \
--team-id "team_id" \
--wait
Conducting pre-submission checks for Modelist.zip and initiating connection to the Apple notary service...
Submission ID received
id: 8fa0b3d3-291...
Upload progress: 100,00% (98,1 MB of 98,1 MB)
Successfully uploaded file
id: 8fa0b3d3-291...
path: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.zip
Waiting for processing to complete.
Current status: Accepted.............
Processing complete
id: 8fa0b3d3-291...
status: Accepted
xcrun stapler staple dist/mac-arm64/Modelist.app
Processing: /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
Could not validate ticket for /Users/pete/projects/modelist2/dist/mac-arm64/Modelist.app
The staple and validate action failed! Error 65.
The certs were installed via XCode.
Variables are all exported in env.
I followed the instructions for electron-builder from here: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
I'm sure I made a stupid little mistake, but after hours of arguing with ChatGPT we are going in circles and after clicking on almost every link in Google, I'm kindda lost.
Hi,
Since about 2 weeks notarytool is not very reliable on our CI/CD server. The tool either exists without printing any reason (killed by a signal; not caused by timeout - we have 6h timeouts and the tool gets killed after about 30 mins) or the process takes a very long time e.g. 2h to complete.
We use the same pipeline since at least 2 years and we did not have this problem before.
Some problematic calls:
createdDate: 2025-01-15T14:50:22.545Z
id: ca0faad3-789a-4842-a8c9-14aa7c2297a9
name: xxxxxx
status: In Progress
--------------------------------------------------
createdDate: 2025-01-15T14:33:06.813Z
id: 22df0da8-70de-4dd9-935d-a26055242014
name: xxxxxx
status: In Progress
--------------------------------------------------
createdDate: 2025-01-15T14:18:36.436Z
id: 5729b836-69f0-4526-b1d2-7743bd4d57a6
name: xxxxxx
status: In Progress
--------------------------------------------------
createdDate: 2025-01-15T14:18:31.716Z
id: 58f3c7a1-96bd-4f5d-8a3c-6860f925659e
name: xxxxxx
status: In Progress
Can anyone check why the tool is taking now way more time than before to process a submission? The app that we are notarizing did not change that much.
Hi there, this is the first time I submitted a Mac app for notarization but looks like all my submissions are stuck in in progress for like one day at the moment. Can anyone help take a look?
This is my submission history:
Successfully received submission history.
history
--------------------------------------------------
createdDate: 2025-01-16T00:23:18.445Z
id: 0581680c-9cfe-4e5b-9cc9-3ba101c9fd52
name: MiniCalendar.zip
status: In Progress
--------------------------------------------------
createdDate: 2025-01-15T05:12:13.480Z
id: 55a03297-491b-4d30-8126-45d488a6beb9
name: MiniCalendar.zip
status: In Progress
--------------------------------------------------
createdDate: 2025-01-15T04:27:40.510Z
id: 092f558f-01d0-48e5-9761-58dda54de23c
name: MiniCalendar.zip
status: In Progress
--------------------------------------------------
createdDate: 2025-01-15T01:12:55.923Z
id: 3aa74a6f-bcb8-4911-9d18-fcbb3e9a6c11
name: MiniCalendar.zip
status: In Progress
This has been going on for at least a couple of hours for us: notarizing doesn't complete. Our last job ran for over 90 minutes before CircleCI timed it out. We're using xcrun notarytool submit with the --wait option; it contined to say "Current status: In Progress" for, as I said, 90 minutes or so. (Normally it takes about 70 seconds.)
https://developer.apple.com/system-status/ says everything is normal. This does not seem to be the case for us. 😄
Normally I get a response from a submit via notarytool within 30 seconds. Today - with a process that worked a few days ago - I don't get any answer, although the system status claims that the service is up and work.
Anybody else, or is it only me?
Hi at all, we started a notarization process and after 3 hours is still in progress.
We are developing a custom login service including custom PAM module. While it initially works correctly after installation on macOS, it becomes blocked by the system during privilege escalation (coreauthd) after unlocking the screensaver.
The custom PAM module has been signed with a Developer ID certificate and submitted for notarization using notarytool.
And passed staple check.
spctl -at open --context context:primary-signature -v
pam_custom.so: accepted
source=Notarized Developer ID
Here are the detail steps:
Install the custom PAM file under /usr/local/lib/pam/.
Ensure SIP (System Integrity Protection) is enabled.
Log in to the Mac using the custom login service developed with the custom PAM module.
Successfully log in.
Open System Settings > Touch ID & Password.
Click Add Fingerprint to trigger local authentication. This local authentication can be passed using Touch ID without invoking the custom PAM.
Cancel adding fingerprints.
Allow the Mac to idle until the screensaver is triggered.
Unlock the screen using the custom PAM.
Go to System Settings > Touch ID & Password and click Add Fingerprint again.
This time, local authentication triggers the custom PAM, but it always fails. The system log shows that the custom PAM is not found.
Related system logs at step 9:
2024-12-25 19:05:05.320264-0800 0x42f3 Error 0x0 0 0 kernel: (AppleMobileFileIntegrity) Library Validation failed: Rejecting '/usr/local/lib/pam/pam_custom.so' (Team ID: none, platform: no) for process 'authorizationhos(941)' (Team ID: N/A, platform: yes), reason: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
2024-12-25 19:05:05.320629-0800 0x42f3 Error 0x0 0 0 kernel: (AppleMobileFileIntegrity) Library Validation failed: Rejecting '/usr/local/lib/pam/pam_custom.so' (Team ID: none, platform: no) for process 'authorizationhos(941)' (Team ID: N/A, platform: yes), reason: mapped file has no cdhash, completely unsigned? Code has to be at least
ad-hoc signed.
Related system logs at step 11:
2024-12-25 19:05:22.510658-0800 0x41a6 Error 0x0 0 0 kernel: (AppleMobileFileIntegrity) Library Validation failed: Rejecting '/usr/local/lib/pam/pam_custom.so' (Team ID: none, platform: no) for process 'coreauthd(653)' (Team ID: N/A, platform: yes), reason: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
2024-12-25 19:05:22.510953-0800 0x41a6 Error 0x0 0 0 kernel: (AppleMobileFileIntegrity) Library Validation failed: Rejecting '/usr/local/lib/pam/pam_custom.so' (Team ID: none, platform: no) for process 'coreauthd(653)' (Team ID: N/A, platform: yes), reason: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
2024-12-25 19:05:22.511624-0800 0x41a6 Default 0x16b99 653 0 coreauthd: (libpam.2.dylib) in openpam_load_module(): no pam_custom.so found
Why does local authentication call the custom PAM after unlocking from the screensaver?
Could this issue also be related to a code signing configuration that needs adjustment?