I am runnning persistent notarization issues with my macOS Electron application. Despite multiple attempts to resolve these issues, the notarization status remains "Invalid," and the errors in the report are consistent. What I'm doing Sign the code like this codesign --sign "Apple Distribution: Name Lastname (123456)" --deep --force --timestamp=auto path/to/Application.app I then get: Application.app: replacing existing signature I then verify the signing with: codesign --verify --deep --strict --verbose=4 path/to/Application.app I then get: --prepared:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --prepared:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework Application.app: valid on disk Application.app: satisfies its Designated Requirement I then build: npm build I then package: zip -r Application.zip Application.app I then upload: xcrun notarytool submit Application.zip --apple-id your-apple-id --team-id your-team-id --password your-app-specific-password Then I check for status and I get: Successfully received submission info createdDate: 2024-08-15T18:21:31.520Z id: 55daf39a-4be9-4dd6-a490-1890d33f9e75 name: Application.zip status: Invalid In the report generated I get issues like: "path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/SomeFramework", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64" and "path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/Versions/Current/Helpers/chrome_crashpad_handler", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "arm64" What am I doing wrong? I tried signing each issue separately and rerun the entire process, it's not working.

Hi everyone, Been working with Apple's notarization process for a while, and we've recently noticed some unexpected behavior. It seems like the notarization service might be looking inside ZIP archives contained within my app's distribution package. In the past, we don't recall the notarization process digging into ZIP files like this—only the main app bundle and its contents were scanned for signatures. Has there been a recent change or update to the notarization service that now includes inspecting files within ZIP archives? If so, are there specific guidelines or documentation updates regarding this change? Can anyone point me to what to expect and how to adjust my workflow accordingly. While "signing all the files" is the default answer, is there a more cohesive answer to this question? Thanks

I submitted my macOS app for notarization. Here's what I see: Successfully received submission info createdDate: 2024-08-21T11:25:46.063Z id: 9e787992-5737-4ca8-b8b5-23d267f6476c name: MacOSapp.zip status: Accepted What does it mean? Are there more stages in this process? The reason I am asking is because trying to staple a ticket gives me 'error 65' which means there is no ticket.

I've the common "Team is not yet configured for notarization" issue and I've had it since the beginning of last year, where I contacted Apple about the issue, after going through some generalized useless advice that the support agent gave me I was finally able to escalate the issue and they supposedly had their "engineers" working on it. About every month I would send 1-2 emails asking for status update and everytime the response was "the engineers are working on it", and about the 8th-9th month they stopped responding. Now I've paid for developer program again, I have the same issue, it has not been fixed. I am in fact being scammed at this point and I've opened an issue via the provided link in the related thread below, it's been a week, Apple has not responded and the fact is, this is the worst platform to develop for. I really am starting to hate this company.

Hi all — Hoping you all have insights on notarization. We are a small startup using Apple Business Essentials as our company MDM, managing our fleet of Macs. ABE has the capability (as with every MDM) to deploy custom software to those Macs via .pkg files. We create the package files with no problem, and also codesign them with no problem. We discovered that the Macs will fail to install the packages if the package is not notarized (which makes sense from the perspective of Gatekeeper). Notarizing the package was easy. Submitting them is easy. But the processing time has been crazy! I've read from posts here that the first submissions can take a long time, and indeed ours did — iirc, about 48 hours. But the pattern has continued. Our most recent submission (submission id 2a714bbf-83e7-4a25-b936-e002c94e1704 if someone from Apple is reading) has now taken almost 4 days and is still In Progress. I have no idea how to resolve this, or even to understand what's holding up the submission. Anyone have any ideas? We are not intending to deploy any of these packages to the public (only to our corporate Macs). I'd love to avoid the notarization but it doesn't seem possible. Any ideas?

Hi everyone, I'm hearing online that the macOS App Notarization service won't work for some Chinese app developers. They say that personal Apple Developer accounts in China (supposedly having membership subscription) are restricted from using this service or their macOS apps won't pass notarization process probably due to some "strict legal regulations". I want to ask if this is true? Or is it just they failed to follow some of the technical requirements of this process?

I have been trying to notarize an app since yesterday tried about 20 times at various times of the day. Most times it stops during the upload and produces an error message "Couldn't communicate with a helper application" which occurs at various places while downloading. Three times the upload appeared to complete but then produced an error "This operation could not be completed (SotoS3.S3ErrorType.Multipart.error.1 I then looked in the status log which had several entries: Prepared archive for uploading (green check to left) Upload failed (red x to left) Notary error (red x to left) The operation couldn't be completed (SotoS3.S3ErrorType...) In Progress (grey timer icon to left)

Hi there, I've been working on a JUCE audio plugin project and have created an installer for the demo to release to the public outside of the App Store. I have built the various forms of the plugin in Xcode (standalone, AU, vst3) and have the automatic signing set up with a Developer ID Application certificate. I have been using WhiteBox Packages to create the installer to install the AU component and the vst3 on a user's computer. I can successfully sign the installer with a Developer ID Installer certificate but when I submit it for notarization, the status returns as "invalid". When looking at the Notarytool log, it says that the binary is not signed with a valid Developer ID certificate for all versions of the plugin (for AU & vst3, and both architectures, arm64 & x86_64, as well). I can use codesign and pkgutil to confirm that the files and installer are both signed including the contents within both the AU and vst3 bundles, but the notarization still fails. I have tried to notarize just a zipped version of the plugin but that fails too. In the Customizing The Notarization Workflow documentation, it is mentioned that custom third-party installers need two rounds of notarization. I'm assuming Packages is a custom third-party installer but I don't see how two rounds of notarization is possible when I can't even notarize a zipped version of the plugin. I am still new to Xcode and Apple Developer so there is a possibility that it's something I missed or didn't do. I've read through quite a few other posts on both this forum and the JUCE forum about similar problems but I haven't found a solution that has worked so if anyone has any ideas on how to potentially get my installer notarized, I'd greatly appreciate the advice. Thanks.

Im using a git actions CI/CD pipeline for my automated deployment and I'd like to include notarisation in this process. Right now when I'm submitting for notarisation manually/locally it's taking around 24 hours and then is eventually successfully accepted. \ Using a git actions server to do this has a cost per minute (and an even higher cost at 10x per minute for a Mac-OS machine), so notarising with a 24hr turn around time is not feasible. Ive submitted my application many times and it's been the same experience each time taking around 24 hours and then being accepted. How can I shorten the time frame on this or even find out what I might be doing wrong to cause such a long time for a response? here my log: { "logFormatVersion": 1, "jobId": "3ccf4652-60dc-4fd1-b281-23d49b2b7bb1", "status": "Accepted", "statusSummary": "Ready for distribution", "statusCode": 0, "archiveFilename": "AudioMap.dmg", "uploadDate": "2024-07-14T16:51:02.848Z", "sha256": "614c5992133d61094b39b6a5d00a225d2fc7efe78ab0e59cd47c78275602cb59", "ticketContents": [ { "path": "AudioMap.dmg", "digestAlgorithm": "SHA-256", "cdhash": "9d4f500a2fd49769b99f921d3fbe8ef753604abe" }, { "path": "AudioMap.dmg/AudioMap.app", "digestAlgorithm": "SHA-256", "cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib", "digestAlgorithm": "SHA-256", "cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/MacOS/AudioMap", "digestAlgorithm": "SHA-256", "cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib", "digestAlgorithm": "SHA-256", "cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938", "arch": "arm64" } ], "issues": null }

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

macOS application Mulligan's Eagle (403115926) macOS deployment - macOS 10.14 (Mojave) through Sonoma 14.5 macOS targets - Mac App Store, ad hoc direct drag-to-install image Xcode version 15.4, various development Macs (Intel, M1, M2) Eagle delivered since pre-Mac App Store days - derived from System 7 MacApp development. App most recently delivered with min system Mac OS 10.12 through current Sonoma 14.5, dual target for Mac App Store automatically signed with Apple Development credentials and for outside release automatically signed with Developer ID credentials. Recent revisions to the software to bump min system to 10.14 (Mojave) with typical continuing development for tech, reqm'ts, etc. Updates (a couple since previous release) to Xcode - now using version 15.4, which recommended some config changes that made sense, except min system. Popular application with lots of older (uh... elder) users running Macs servicing golfers. The application is ready to distribute with automatic signing, but wasn't able to do so with Developer ID credentials, but Xcode note (and reading of tips in this forum and my poor understanding) managed to submit for notarization - failed. Tried to manually sign... and reviewed signing info in Xcode... So I reviewed Certificate(s) etc. that should have been used when previously signing Dev ID for notarization and release. I have (I think) six Developer ID Application certs and six Developer ID Installer certs and I can't find any combination of those certificates - some with duplicate dates or expirations - that allows me to use one to automatically sign code to notarization or delivery. What do I do? I've lived a peaceful solo developer life for 25 years delivering and signing code for the Mac and as long as iOS has existed. I'm terrified about this issue however... My early Mac OS using customers (since Lion - pre sandbox) still have serial numbers for this software and have bought a Mac every 6 - 10 years so they could get my latest release. We've never required that they re-purchase from the App Store... they have a perpetual license. Sandboxing was a shock they never felt - we kept delivering updates to them and if they decided sandboxing mattered, they purchased from Apple and we included the container-migration entitlement in the App Store version to move their data to the new sandbox. Pretty slick. Until we built an install disk to test it on an unsandboxed version of Eagle in our office. It "lost" its data - vanished by remaining in the old Application Support directory while the new hardened runtime version looked for it in the sandbox - finding nothing. Just imagine encountering that if you're 80 years old running a golf league. How can I "reset" the futzed-up certificate Developer ID mess? I have multiple machines, all with varying subsets of what seem to be good certificates. And Xcode builds new provisioning profiles just for the heck of it, it seems. I'm afraid to revoke or throw out any certificates because I can't tell which ones are good, bad or duplicates - they're all valid. And I can't create any more Developer ID certs because there's a max to control certificate-miscreants like me (yes, I've read Quinn's protection of your Dev ID note - I screwed it up with only 1 employee). I depend on automatic signing because I'm still, after 58 years of coding, just a novice. Is it true that I should still specify in my build settings that I'm using Developer ID credentials for my ad hoc development and distribution schemes? And that the proper settings for those should NOT enable hardened runtime or app sandboxing? Sorry for my intensity here.... It's been 2 weeks since App Review bonked an initial submission with just an "it's broken" reject message, and DTS decided this is not such an emergency that the Developer Forum shouldn't be able to handle it. I'm truly hoping it's so.

Hi, We are running xcrun staple on our pkg file. It gives the following message We do not know how to deal with trailer version 9262. Exepected 1 Terminator Trailer size must be 0, not 1737 {magic: t8lr, version: 1, type: 2, length: 1737} Found expected ticket at 8164385 with length of 1737 Sig Type is RSA. Length is 3 Sig Type is CMS. Length is 3 Package mypkg.pkg uses a checksum of size 20 *The staple and validate action worked!* However, the command returns with -1 error code. So, the questions I have are: What does this return response mean? Do we consider this as a success of failure scenario (specially because the message "...action worked"

Hi, I am totally unaware of the new notarize mechanism and generally starting to sign my application after having ported it to M2. I want to distribute the app without App Store - yet. My application is an open source tool or better a more complex tool for the software development that contains dylibs and frameworks all within an app bundle. I am using wxWidgets and stumbled upon the build process using install_name_tool temporary for each bundle and probably all libraries that I place into the application bundle to have an @executable_path and not an absolute path. That works so far, but the notarize tool or better checking it with spctl rejects it. A further test with spctl --assess or the like, I have the command lost, shows that are resources missing and I have a hint to use @rpath entries to be added. I am using makefiles and a custom make system where I build up the make commands for each target. I won't modify the rules for each target type, if I could do this in a post build step for all the contents of the app bundle. I have therefore a shell script that handles that additional task yet until code signing and it looks like as follows: #!/bin/sh # Copies together files for the Mac OS X application bundle and created a disk image export prefix=$1 export VERSION=1.3.4 cp ../../../Database/*.sql wxWrapper.app/Contents/Resources cp splash.png wxWrapper.app/Contents/Resources mkdir wxWrapper.app/Contents/Resources/XSLT cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/include wxWrapper.app/Contents/Resources/XSLT/include cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/DMFToXMI wxWrapper.app/Contents/Resources/XSLT/DMFToXMI cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/XMIToDMF wxWrapper.app/Contents/Resources/XSLT/XMIToDMF cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/lbDMFDataViewModel wxWrapper.app/Contents/Resources/XSLT/lbDMFDataViewModel cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/lbDMFFixedFormular wxWrapper.app/Contents/Resources/XSLT/lbDMFFixedFormular cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/TurboVision wxWrapper.app/Contents/Resources/XSLT/TurboVision cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/wxActiveRecords wxWrapper.app/Contents/Resources/XSLT/wxActiveRecords cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/wxLua wxWrapper.app/Contents/Resources/XSLT/wxLua cp ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/include/XMISettingsTemplate.xsl wxWrapper.app/Contents/Resources/XSLT/XMIToDMF/XMISettings.xsl cp -R ../../../AppDevelopmentDemo/DynamicApp/UMLSamples wxWrapper.app/Contents/Resources mkdir wxWrapper.app/Contents/Resources/toolbarimages # UGLY! Using environment that also is properly defined while jenkins build is better cp -R $prefix/lib wxWrapper.app/Contents cp -R $prefix/plugins wxWrapper.app/Contents/Resources # How to access them? cp toolbarimages/*.xpm wxWrapper.app/Contents/Resources/toolbarimages cp toolbarimages/*.png wxWrapper.app/Contents/Resources/toolbarimages #cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.0.6.0.dylib wxWrapper.app/Contents/lib #cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.0.dylib wxWrapper.app/Contents/lib cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.*.dylib wxWrapper.app/Contents/lib cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.dylib wxWrapper.app/Contents/lib cp Info.plist wxWrapper.app/Contents codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Frameworks/lbHook.framework/Versions/A/lbHook codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Frameworks/wxJson.framework/Versions/A/wxJson codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Frameworks/wxWrapperDLL.framework/Versions/A/wxWrapperDLL codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/lib/* codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Resources/plugins/* xattr -cr wxWrapper.app codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/MacOS/wxWrapper #codesign -dvv wxWrapper.app codesign -f -v -s "Lothar Behrens" wxWrapper.app #spctl -a -t exec -vvvv wxWrapper.app #codesign -dvv wxWrapper.app #codesign -vv --deep-verify wxWrapper.app # Creating a new diskimage hdiutil create -ov -size 200m -volname lbDMF-$VERSION lbDMF-$VERSION-`uname -p`.dmg -fs HFS+ sleep 5 hdiutil attach lbDMF-$VERSION-`uname -p`.dmg # Copy stuff #mkdir /Volumes/lbDMF-$VERSION/`uname -p` #cp -R wxWrapper.app /Volumes/lbDMF-$VERSION/`uname -p` cp -R wxWrapper.app /Volumes/lbDMF-$VERSION mkdir /Volumes/lbDMF-$VERSION/toolbarimages cp toolbarimages/*.xpm /Volumes/lbDMF-$VERSION/toolbarimages cp toolbarimages/*.png /Volumes/lbDMF-$VERSION/toolbarimages cp ../../../COPYING /Volumes/lbDMF-$VERSION cp ../../../license-bindist.txt /Volumes/lbDMF-$VERSION cp ../../../AppDevelopmentDemo/DynamicApp/Doc/ApplicationprototypingDokumentation.pdf /Volumes/lbDMF-$VERSION/ # Copying templates to an accessable place cp -R wxWrapper.app/Contents/Resources/XSLT /Volumes/lbDMF-$VERSION/ cp -R wxWrapper.app/Contents/Resources/UMLSamples /Volumes/lbDMF-$VERSION/ mkdir /Volumes/lbDMF-$VERSION/.lbDMF cp -R wxWrapper.app/Contents/Resources/*.sql /Volumes/lbDMF-$VERSION/.lbDMF cat <<EOF >> /Volumes/lbDMF-$VERSION/Readme.txt Dear Mac user! ... Thanks Lothar Behrens EOF rm -rf `find /Volumes/lbDMF-$VERSION -name CVS -print` hdiutil detach /Volumes/lbDMF-$VERSION rm lbDMF-$VERSION lbDMF-$VERSION-`uname -p`.dmg.zip zip lbDMF.dmg.zip lbDMF-$VERSION lbDMF-$VERSION-`uname -p`.dmg mv lbDMF.dmg.zip lbDMF-$VERSION-`uname -p`.dmg.zip code-block Testing the app bundle shows this: spctl --assess -vvvvv --type execute wxWrapper.app wxWrapper.app: rejected origin=Apple Development: Lothar Behrens (********) I need some help where to insert a proper notary tool command and a proper check before uploading that I can see, if I could do so. Despite that I haven't had an active developer ID, I have that now and need to setup the Developer ID Distribution certificate into the keychain. So I plan to add the @rpath values per framework/dylib/so as additional commands into the shell script above. But how can I best verify for successful usage of notary tool? Any help? Thanks, Lothar

I am getting rejected while notarizing. { "logFormatVersion": 1, "jobId": "123456-123456-123456-123456", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "AppName.dmg", "uploadDate": "2024-07-26T18:51:25.866Z", "sha256": "a37cd79", "ticketContents": null, "issues": null } Do let me know how I can configure my team for notarization. File size is 103 MB. Made in Electron + Vue.

I am using Github Actions for signing and notarizing, but it's been stuck on notarizing for hours. I cancelled and retried but same thing happens. I am using Tauri which is running the notarize scripts. Here is my main.yml: name: macOS Build Script on: push: branches: - 'main' permissions: contents: write issues: write pull-requests: write jobs: build: runs-on: macos-latest steps: - name: Checkout repository uses: actions/checkout@v2 - name: Install Rust uses: actions-rs/toolchain@v1 with: toolchain: stable profile: minimal override: true - name: Install Node.js uses: actions/setup-node@v2 with: node-version: '20' - name: Install Node.js Dependencies run: npm install - name: Build the App run: npm run tauri build - name: List build artifacts run: | echo "Build artifacts:" ls -R src-tauri/target/release/bundle/ - name: Create Release uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} with: tagName: app-v__VERSION__ releaseName: 'App v__VERSION__' releaseBody: 'macOS build. See the assets to download this version and install.' releaseDraft: true prerelease: false - name: Create Release Manually if: failure() uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: app-v0.0.0 release_name: App v0.0.0 (macOS) draft: true prerelease: false id: create_release - name: Upload Release Asset if: failure() uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./src-tauri/target/release/bundle/dmg/mac-app_0.0.0_x64.dmg asset_name: mac-app_0.0.0_x64.dmg asset_content_type: application/x-apple-diskimage

notarytool-2024-07-23-143951.ips I notarytool-2024-07-23-105410.ips have two Mac machines and running the same Python script as a CGI script in an Apache webserver (httpd) installed via Homebrew. The Python script calls the subprocess.run() method to call the notarytool via xcrun. On one server the script runs as expected in the webserver environment and on the other machines it gets an exit code (-)4; SIGILL. On the machines where it fails, the notarytool command works from console, as expected. Additionally, it works if I run the script directly with Python in the console. I launch the same command in a Perl script in the webserver and the same exit code / issue occured. I have the same installed version and setup on both servers for Homebrew Apache Webserver (httpd) Python version (3.9.6) xcrun --version: xcrun version 61. xcrun notarytool --version: 1.0.0 (27) the Mac machines are identical, both are bought and set up at the same time The see similar topics at: https://forums.developer.apple.com/forums/thread/724995 Notarytool was used on a machine as an agent via Jenkins job https://github.com/moses-palmer/pynput/issues/366#issuecomment-1364470827 used Python, gets the same exit code, used in multi-thread environment (maybe like a webserver)

For a few days now, notarytool is crashing whenever I'm running one of my Jenkins jobs where notarytool is called from a shell script. Based on the debug log, the crash appears round at the time that the upload of the binary to be notarized is attempted. When a runloop should be started to run the upload via an async http request: Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls. The specific job setup looks like this: Jenkins Job › Run shell script phase › Shell script › Second shell script › notarytool call. Running the notarytool directly from Terminal works and completes as expected. Crashlog Snippet: Path: /Applications/Xcode-14.2.app/Contents/Developer/usr/bin/notarytool Identifier: notarytool Version: ??? Code Type: X86-64 (Native) Parent Process: launchd [1] Responsible: java [428] OS Version: macOS 12.6.2 (21G320) Crashed Thread: 1 Dispatch queue: com.apple.NSURLSession-work Exception Type: EXC_BAD_INSTRUCTION (SIGILL) Exception Codes: 0x0000000000000001, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace SIGNAL, Code 4 Illegal instruction: 4 Terminating Process: exc handler [18889] Application Specific Signatures: API Misuse Thread 1 Crashed:: Dispatch queue: com.apple.NSURLSession-work 0 libxpc.dylib 0x7ff81aa2720e _xpc_api_misuse + 117 1 libxpc.dylib 0x7ff81aa128bb xpc_connection_set_target_uid + 193 2 AppSSOCore 0x7ff8264facaa -[SOServiceConnection _connectToService] + 533 3 AppSSOCore 0x7ff8264faa6f -[SOServiceConnection initWithQueue:] + 102 4 AppSSOCore 0x7ff8264fa98a -[SOClient init] + 122 5 AppSSOCore 0x7ff8264fa855 -[SOConfigurationClient init] + 180 6 AppSSOCore 0x7ff8264fa78c __38+[SOConfigurationClient defaultClient]_block_invoke + 16 7 libdispatch.dylib 0x7ff81ab1c317 _dispatch_client_callout + 8 8 libdispatch.dylib 0x7ff81ab1d4fa _dispatch_once_callout + 20 9 AppSSOCore 0x7ff8264fa77a +[SOConfigurationClient defaultClient] + 117 10 AppSSOCore 0x7ff8264fa6af +[SOAuthorizationCore _canPerformAuthorizationWithURL:responseCode:callerBundleIdentifier:useInternalExtensions:] + 130 11 AppSSOCore 0x7ff8264f9df0 appSSO_willHandle + 64 Back in January the exact same setup was still working. Same macOS version. Xcode version might have been different. Would really appreciate some help since for now re-implementing notarytool appears to be the only solution.

After my application was singed on the mac runner, I got an error when my application was uploaded from my Mac runner to the Notarization service. Here is my error: Notarization ended with response: {"uuid":"my_uid","notarizationStatus":{"status":"ERROR","message":"Error happened while uploading file to Apple notarization service","moreInfo":"net.jodah.failsafe.FailsafeException: java.util.concurrent.ExecutionException: Error while parsing the output after the upload of the file to be notarized"}} Does anyone know how to fix it? Thank you very much!

codesign --sign "Apple Development: deok cheul kim (DK46XUS3ZB)" --deep --force --options=runtime --entitlements ./entitlements.plist --timestamp ./mediasend_PC_module_mac_V1.app codesign -vvv --deep --strict mediasend_PC_module_mac_V1.app mediasend_PC_module_mac_V1.app: valid on disk mediasend_PC_module_mac_V1.app: satisfies its Designated Requirement spctl --assess --type execute --verbose mediasend_PC_module_mac_V1.app mediasend_PC_module_mac_V1.app: rejected xcrun notarytool store-credentials "kdcProfile" --apple-id "kdc07..." --password "emfc-lmhz-kynx-xqyy" ditto -c -k --sequesterRsrc --keepParent mediasend_PC_module_mac_V1.app mediasend_PC_module_mac_V1.zip xcrun notarytool submit "mediasend_PC_module_mac_V1.zip" --keychain-profile "kdcProfile" --wait Conducting pre-submission checks for mediasend_PC_module_mac_V1.zip and initiating connection to the Apple notary service... Submission ID received id: 431e50cc-131a-48eb-be1e-6e1139dea347 Upload progress: 100.00% (15.7 MB of 15.7 MB) Successfully uploaded file id: 431e50cc-131a-48eb-be1e-6e1139dea347 path: /Users/sinaburo7/Desktop/appleCert/mediasend_PC_module_mac_V1.zip Waiting for processing to complete. Current status: Invalid............ Processing complete id: 431e50cc-131a-48eb-be1e-6e1139dea347 status: Invalid xcrun notarytool log 431e50cc-131a-48eb-be1e-6e1139dea347 --keychain-profile "kdcProfile" { "logFormatVersion": 1, "jobId": "431e50cc-131a-48eb-be1e-6e1139dea347", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "mediasend_PC_module_mac_V1.zip", "uploadDate": "2024-04-30T04:19:29.294Z", "sha256": "0661974c3a2e073ab21b15bd0c65a8647bfe756fa42e07d2bb0522a20850de32", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "mediasend_PC_module_mac_V1.zip/mediasend_PC_module_mac_V1.app/Contents/MacOS/mediasend_PC_module_mac_V1", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" }, { "severity": "error", "code": null, "path": "mediasend_PC_module_mac_V1.zip/mediasend_PC_module_mac_V1.app/Contents/Frameworks/libtcl8.6.dylib", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" }, { "severity": "error", "code": null, "path": "mediasend_PC_module_mac_V1.zip/mediasend_PC_module_mac_V1.app/Contents/Frameworks/libssl.3.dylib", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721", "architecture": "arm64" }, . . . . . This is how it went. I don't know why the error occurs. For reference, the python app was installed using the script below. pyinstaller --onedir --hidden-import=PIL --hidden-import=flask --hidden-import=psutil --hidden-import=requests --name mediasend_PC_module_mac_V1 --icon=logo3_iMf_icon.icns --noconsole --add- data="logo3_iMf_icon.icns:." --add-data="logo.png:." --add-data="wifi.gif:." --add-data="sleep.gif:." -d all album_mac.py

Up until about 6 months ago, I was receiving the Apple success or failed email notifications. I no longer get them and can't figure out why. I checked my email rules and even the quarantine in Exchange. What can cause this and what else can I check? I am an Admin on the account but not the Account holder though.