Notarization

Notarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.

Post | Replies | Boosts | Views | Activity

Notarization fails on "missing agreement", but there is no missing agreement
After years of working flawlessly, notarization stopped working for me. Yesterday it suddenly gave me "Team is not yet configured for notarization". I contacted developer support as advised by the eskimo (no answer yet), but upon trying again today I got the following:

    Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.

I signed the agreement, everything looks clean and nice, no notifications about any agreement pending approval, but I still get this error.
Replies: 2 | Boosts: 1 | Views: 1.2k | Activity: Jan ’24
Bash script to notarize Mac apps and create ZIP archive for distribution
Greetings, everyone! In case it proves helpful, I've crafted a Bash script to streamline the notarization process. Here's a breakdown of its features:

- Prompts you to select the app for notarization
- Offers optional codesigning before notarization
- Generates a ZIP file for notarization
- Requests your credentials (Apple ID, Team ID, and app-specific password)
- Submits the ZIP file for notarization
- Cleans up by deleting the ZIP file used for notarization
- Staples the app after notarization
- Creates a new ZIP file for distribution

You can check it out on GitHub: Notarization Assistant
Replies: 1 | Boosts: 0 | Views: 403 | Activity: Dec ’23
questions about Apple's notarization
questions about Apple's notarization standards

I've found that notarization seems to be based on the team ID, with a shared history. Is my understanding correct? If an app named ABC is initially notarized under team A, and then later updates are notarized under team B, will there be any issues? In my tests, notarizing the same app under teams A and B didn't cause any problems, but I'm curious about potential issues if there's a change in team IDs in the future. Is it possible to delete the notarization history or transfer it to a different team ID?
Replies: 1 | Boosts: 0 | Views: 370 | Activity: Dec ’23
The signature of the binary is invalid
What is the proper process for notarizing an installer package? I have tried every permutation I can find and it always returns "The signature of the binary is invalid". It's a Qt6 app if that is relevant. I've bundled and signed the app using:

    macdeployqt myapp.app \
      -always-overwrite -verbose=1 \
      -hardened-runtime \
      -sign-for-notarization=\"$${sign_name}\" \

It verifies OK:

    codesign -v --verify --deep myapp.app
    myapp.app: valid on disk
    myapp.app: satisfies its Designated Requirement

I have successfully notarized and stapled it:

    ...
    The staple and validate action worked!

This is where I'm not sure of the proper process. I've used pkgbuild to put the app into a .pkg file and successfully signed that using an Installer ID.

    pkgutil --check-signature myapp-signed.pkg
    Package "myapp-signed.pkg":
    Status: signed by a developer certificate issued by Apple for distribution
    ...

On attempting to notarise this package I get "The signature of the binary is invalid" for every shared library and the executable in the package. That error message is not very useful, so how do I diagnose the issue? So far I've tried a few things I've found on the forum, but the error is always the same unhelpful one.
Replies: 2 | Boosts: 0 | Views: 529 | Activity: Dec ’23
Help with Notary tool
I know I have to be doing something wrong. I've been trying to notarize my app for a few days. I've bundled my app and am able to sign with hardened runtime. When I submit for notary with this command

    /Applications/Xcode.app/Contents/Developer/usr/bin/notarytool submit /path/to/your/file.zip --wait --key "/path/to/your/AuthKey_ABCD1234.p8" --key-id "ABCD1234" --issuer "uuid-issuer-id"

it just eventually times out with no feedback or error report.
Replies: 1 | Boosts: 0 | Views: 398 | Activity: Dec ’23
macOS Sonoma signature verification failed
We have developed a secure desktop app using QT, and we have been developing and delivering this app for more than 2 years. While deploying the app we perform codesigning and notarization of the app, and we use Ventura on the build system. The issue we observed is that if we install this app on any macOS version below Sonoma, it works as expected, and in Apparency we can see the code signature is verified and the app is notarized. But if we install the same app on Sonoma and check in Apparency, it shows the signature can't be verified.
Replies: 1 | Boosts: 1 | Views: 550 | Activity: Dec ’23
Error on notarizing app in Electron JS
Throws an error

    [2023-12-07 07:55:36 UZT] DBG-X: parameter MetadataChecksum = 62c853b5b00cf96f96576b4d48ce6d0a
    [2023-12-07 07:55:36 UZT] DBG-X: parameter MetadataCompressed = (suppressed)
    [2023-12-07 07:55:36 UZT] DBG-X: parameter MetadataInfo = {app_platform=osx, primary_bundle_identifier=ocean.drive.app, device_id=, bundle_identifier=, packageVersion=software5.9, apple_id=, asset_types=[developer-id-package], bundle_version=, bundle_short_version_string=}
    [2023-12-07 07:55:36 UZT] DBG-X: parameter OSIdentifier = Mac OS X 12.2.1 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-8; jre=14.0.2+12-iTunesOpenJDK-8
    [2023-12-07 07:55:36 UZT] DBG-X: parameter PackageName = 0b641208d73f17697b28370fa99ad8a7.itmsp
    [2023-12-07 07:55:36 UZT] DBG-X: parameter PackageSize = 228662271
    [2023-12-07 07:55:36 UZT] DBG-X: parameter StatisticsClientStartDateTimeZoneISO = 2023-12-07T07:55:36+05:00
    [2023-12-07 07:55:36 UZT] DBG-X: parameter TransporterArguments = -m upload -u @@@@ -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:8A006125-AC15-400B-9FC2-C4D609DB7FA1 -sharedsecret hidden value -itc_provider PROVIDER -f /var/folders/g9/kz8cw8b57rg14vlnwhc77j840000gn/T/F75419E9-DDDB-4F74-BC71-B970FD924FB4/0b641208d73f17697b28370fa99ad8a7.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=5.329 (1309)
    [2023-12-07 07:55:36 UZT] DBG-X: parameter Version = 3.3.0
    [2023-12-07 07:55:36 UZT] DBG-X: parameter iTMSTransporterMode = upload
    [2023-12-07 07:55:36 UZT] INFO: id = 20231207075536-140
    [2023-12-07 07:55:36 UZT] INFO: iTMSTransporter Correlation Key: f33460ff-fc03-4158-bed2-b2e99ffd521c-0001
    [2023-12-07 07:55:36 UZT] DEBUG: SMART-CLIENT: Host HTTP header: contentdelivery01.itunes.apple.com
    [2023-12-07 07:55:36 UZT] DBG-X: Apple's web service operation return value:
    [2023-12-07 07:55:36 UZT] DBG-X: parameter Errors = [Unable to process validateMetadata request at this time due to a general error (1019)]
    [2023-12-07 07:55:36 UZT] DBG-X: parameter RestartClient = false
    [2023-12-07 07:55:36 UZT] DBG-X: parameter ErrorCode = 1019
    [2023-12-07 07:55:36 UZT] DBG-X: parameter ErrorMessage = Unable to process validateMetadata request at this time due to a general error (1019)
    [2023-12-07 07:55:36 UZT] DBG-X: parameter ShouldUseRESTAPIs = false
    [2023-12-07 07:55:36 UZT] DBG-X: parameter Success = false
    [2023-12-07 07:55:36 UZT] ERROR: Unable to process validateMetadata request at this time due to a general error (1019)
    [2023-12-07 07:55:36 UZT] DBG-X: The error code is: 1019
    [2023-12-07 07:55:36 UZT] INFO: JSON:{"msg":{"phase":"Upload","count":2,"description":"Operation failed","index":2},"messageType":"VerifyProgress"}
    [2023-12-07 07:55:36 UZT] DBG-X: Returning 1
    2023-12-07 07:55:36.750 Out: Package Summary: 1 package(s) were not uploaded because they had problems: /var/folders/g9/kz8cw8b57rg14vlnwhc77j840000gn/T/F75419E9-DDDB-4F74-BC71-B970FD924FB4/0b641208d73f17697b28370fa99ad8a7.itmsp - Error Messages: Unable to process validateMetadata request at this time due to a general error (1019)
    2023-12-07 07:55:36.797 *** Error: Notarization failed for '/var/folders/g9/kz8cw8b57rg14vlnwhc77j840000gn/T/electron-notarize-LC5Kmm/OceanDrive.zip'.
    2023-12-07 07:55:36.797 *** Error: Unable to process validateMetadata request at this time due to a general error (1019) (1019)
    2023-12-07 07:55:36.797 *** Warning: altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software. (-1030)
Replies: 1 | Boosts: 0 | Views: 492 | Activity: Dec ’23
Notarytool failed to authenticate
Hi Guys, I am facing a problem I find difficult to debug. I had a company Apple ID, a member of the team, that I used for notarization of an app via:

    res=$(xcrun notarytool submit ${file_to_notarize} --apple-id stepan.svoboda@memsource.com --password ${password} --team-id PK8H4S4HPF --wait 2>&1)

But I will be leaving the company soon, so we created a new Apple ID, desktop@phrase.com. We invited this ID to the team and assigned it the admin role. I generated an app-specific password and I am using it with this new Apple ID. But then running:

    res=$(xcrun notarytool submit ${file_to_notarize} --apple-id desktop@phrase.com --password ${password} --team-id PK8H4S4HPF --wait 2>&1)

fails with:

    Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.

And I have run out of ideas about what to check and what could be wrong.
Replies: 1 | Boosts: 0 | Views: 390 | Activity: Dec ’23
Using notarytool with app specific password throws 401
Hi, I want to use notarytool to have my installer *pkg notarized by Apple. The app is a Swift desktop app, not supposed to be distributed through the App Store. It is already signed and notarized through Xcode. Verification is done and it has been approved, so the process should be working. I'm facing an issue when using notarytool to store credentials. I followed the steps described here: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow

I created my app-specific password here: https://appleid.apple.com/account/manage

When I try to store credentials I get a 401. What did I miss here?

    xcrun notarytool store-credentials --verbose
    [07:21:52.672Z] Debug [MAIN] Running notarytool version: 1.0.0 (32), date: 2023-12-01T07:21:52Z, command: /Applications/Xcode.app/Contents/Developer/usr/bin/notarytool store-credentials --verbose

    This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.

    Profile name: notarytool-pw

    We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified.

    Path to App Store Connect API private key:
    Switching prompts to app-specific password credentials.
    Developer Apple ID: <my developer Apple ID>
    App-specific password for <my developer Apple ID>: <the app specific password I created earlier>
    Developer Team ID: <my developer team ID>
    Validating your credentials...
    [07:31:40.888Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
    [07:31:40.890Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/test?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
    [07:31:40.890Z] Debug [AUTHENTICATION] Delaying current request to refresh app-specific password token.
    [07:31:40.891Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/asp?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
    [07:31:40.891Z] Debug [AUTHENTICATION] Authenticating request to '/notary/v2/asp' with Basic Auth. Username: <my developer Apple ID>, Password: private<String>, Team ID: <my developer team ID>
    [07:31:40.892Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls.
    [07:31:41.921Z] Debug [API] Received response status code: 401, message: unauthorized, URL: https://appstoreconnect.apple.com/notary/v2/asp?, Correlation Key: 6WYAHNFB6NYEVPPJOT5KJMNPAE
    [07:31:41.922Z] Error [TASKMANAGER] Completed Task with ID 2 has encountered an error.
    [07:31:41.922Z] Debug [TASKMANAGER] Ending Task Manager loop.
    Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.
Replies: 1 | Boosts: 0 | Views: 458 | Activity: Dec ’23
Failed to staple your application with code: 65
I am trying to package a Mac Electron app using Electron Forge capabilities. Code signing works fine, but there is a problem with notarising. I get "Finalizing package Failed to staple your application with code: 65". The notarize component of my forge.config.js is:

    osxNotarize: {
      tool: 'notarytool',
      appBundleId: 'com.ImmersiveDSP.ImmerGo-StudioLive',
      appleId: process.env.APPLE_ID,
      appleIdPassword: process.env.APPLE_PASSWORD,
      teamId: process.env.APPLE_TEAM_ID,
    }

I provide my Apple ID and the app password in a terminal message together with npm run make. This worked in May this year, but now it does not. In a JSON response, I do get reason = "Record not found". Has anyone else had this issue and resolved it? Is there a way that I can view my notarize requests and see what the issue is?
Replies: 2 | Boosts: 0 | Views: 699 | Activity: Nov ’23
3 months stuck with "Team isn't configured for notarization"
Notarizing was working fine on my account, but suddenly stopped working with this error message. I've contacted Apple Developer Program support and they told me it's an internal issue on their side, that their engineers are working on it and that they'll answer me when the engineers have an answer. The thing is, this thing has been going on for 3 months. Every time I email the support I get a bot message saying "our engineers are looking into it". And my account is still unable to notarize my app. What's going on? I've messaged several other Apple Developers and none of them had to deal with this. Why is this happening to my account? This is blocking the launch of my project (https://focuslit.app), which I worked on for months, and I have customers asking about the new features, but I can't release a new version without notarizing. What can I do? I'm seriously thinking about refunding everyone and dropping the project. I never felt this mistreated by a company (whose products I all have and used to love) before.
Replies: 1 | Boosts: 1 | Views: 464 | Activity: Nov ’23
Notarizing installer package; which certificate?
I am having troubles notarizing an installer package. I created an installer package using the pkgbuild and productbuild, and then I tried to notarize it with notarytool, but I got an error message. The error message led me to Use a valid Developer ID certificate, which includes the statement Sign installer packages with a Developer ID Installer certificate The app is signed with the team Developer ID and is notarized (via Xcode). I signed both packages (during pkgbuild and productbuild) with a certificate created when I clicked Mac Installer Distribution in the developer portal, and it created a certificate named "3rd Party Mac Developer Installer: my company" Is this the wrong certificate? If it is the wrong certificate, which one should I create in the developer portal? (I didn't see anything specified as "Developer ID Installer") If it is the right certificate, any idea what I might have done wrong? Note: The reason I am trying to notarize the installer package is because when I tried testing the installer in my test VM, I received the following message (I thought signing the pkg would have prevented this):
Replies: 2 | Boosts: 0 | Views: 610 | Activity: Nov ’23
Xcode Notarization help needed
I used ChatGPT to help me build a screensaver of 40 images to be shown randomly in Xcode. It works great but I get the error below when trying to deploy it on other Macs. I signed up for a developer account and a GitHub account and thought Xcode was walking me through how to notarize the software but am now stuck. I'm not a true programmer. Can someone assist me in getting this notarized, as this is the last thing holding me up from launching my business - granulartraining.com

Error - “CyberSecurity Reminders.saver” can’t be opened because Apple cannot check it for malicious software.

Thanks. Tom
Replies: 2 | Boosts: 0 | Views: 338 | Activity: Nov ’23
Notarization "In Progress" for > 1.5 h
I have changed our notarization script to use notarytool. See here: https://github.com/mixxxdj/mixxx/blob/32d918a8e64fffea7039356de0fa94799e3fcc7e/packaging/macos/sign_notarize_staple.sh#L30

The workflow run timed out after 5 minutes here: https://github.com/mixxxdj/mixxx/actions/runs/6834172969/job/18586695826

The notarization request is still in progress: https://appstoreconnect.apple.com/notary/v2/submissions/ef8cf93e-c084-43eb-be1d-7ec2f20f9377

I have tried again, with another request that is stuck in the "status": "In Progress". I am using Xcode 13.2.1 and macOS 10.12 as deployment target on macOS 11.7.10. What could have gone wrong?
Replies: 2 | Boosts: 0 | Views: 419 | Activity: Nov ’23
IS XCODE 14.3 automatically using NotaryTool - stuck at in-progress
I have been using XCODE to distribute macOS apps to a few "testers" by Archiving and then using the button Distribute App -> Developer ID -> using automatic signing and uploading to notary service. I am aware that Altool is deprecated and stopped working - and of TN3147 - which explains how to migrate using command line/scripts. However, since I upgraded to XCODE 14.3, I would have thought that the Distribute App button for the archived project no longer uses altool. Am I correct? Where in XCODE can I check if the Distribute App button uses Notary Tool? Or is the only way to transition to implement the scripts discussed in TN3147 and never use the Distribute App button? After using the Distribute App button today, I have been stuck in "In-Progress" for more than 1 hour, when I just made a rather small update to the code of this previously notarized app, which usually gets notarized very quickly. I will get into scripts etc. per TN3147 if I have to, but I was just wondering why XCODE 14.3 Distribute App would not already be "wired" to use notarytool (as it used to be for altool in previous versions). Thanks
Replies: 2 | Boosts: 0 | Views: 373 | Activity: Nov ’23
Getting crash when using notarytool on Github hosted osx build agents
When I run notarytool submit in my github workflow, I get what appears to be some kind of segmentation fault. Here's a direct link to the exception output: https://github.com/recyclarr/recyclarr/actions/runs/6594346352/job/17918152266#step:6:43

My project is open source, so you can also view the shell script I use in the workflow itself: https://github.com/recyclarr/recyclarr/blob/update-notary-tool/ci/notarize.sh

The script above contains this:

    #!/usr/bin/env bash
    set -xe

    user="$1"
    pass="$2"
    teamId="$3"
    archivePath="$4"

    function submit() {
      xcrun notarytool submit --wait \
        --apple-id "$user" \
        --password "$pass" \
        --team-id "$teamId" \
        recyclarr.zip | \
        awk '/id: / { print $2;exit; }'
    }

    function log() {
      xcrun notarytool log \
        --apple-id "$user" \
        --password "$pass" \
        --team-id "$teamId" \
        "$1"
    }

    tar -cvf recyclarr.tar "$archivePath"
    zip recyclarr.zip recyclarr.tar
    submissionId="$(submit)"
    rm recyclarr.zip recyclarr.tar

    if [[ -z "$submissionId" ]]; then
      exit 1
    fi

    echo "Submission ID: $submissionId"

    until log "$submissionId"
    do
      sleep 2
    done

The error (from the workflow run) is:

    2023-10-21 01:24:18.817 notarytool[4894:25434] *** Terminating app due to uncaught exception 'NSFileHandleOperationException', reason: '*** -[_NSStdIOFileHandle writeData:]: Broken pipe'
    *** First throw call stack:
    (
      0 CoreFoundation 0x00007ff8106c4773 __exceptionPreprocess + 242
      1 libobjc.A.dylib 0x00007ff810424bc3 objc_exception_throw + 48
      2 Foundation 0x00007ff8115b5962 -[NSConcreteFileHandle readDataUpToLength:error:] + 0
      3 Foundation 0x00007ff811497590 -[NSConcreteFileHandle writeData:] + 263
      4 notarytool 0x000000010bcff026 notarytool + 462886
      5 notarytool 0x000000010bcb780d notarytool + 169997
      6 notarytool 0x000000010bcd37c6 notarytool + 284614
      7 notarytool 0x000000010bcea719 notarytool + 378649
      8 notarytool 0x000000010bcd3d19 notarytool + 285977
      9 notarytool 0x000000010bcd2a4e notarytool + 281166
      10 notarytool 0x000000010bcd5009 notarytool + 290825
      11 notarytool 0x000000010bc8fe66 notarytool + 7782
      12 dyld 0x000000011781b52e start + 462
    )
    libc++abi: terminating with uncaught exception of type NSException

I do not get this error when I run this script directly on my 2023 MBP. It only appears to happen in my github workflow. Is this a bug in notarytool? Notarization appears to still complete, and I also get a submission ID I can use for the notarytool log command I run after.
Replies: 1 | Boosts: 0 | Views: 393 | Activity: Oct ’23
Notarization taking a long time....
Ok so I've just swapped over from altool to notarytool and submitted my first app. notarytool tells me Successfully uploaded, and having waited 30mins (which would be some sort of record wait for altool), info tells me status:Accepted. I notice elsewhere that there are comments that the first submission can take some time - even days - but as I've done A LOT of notarizing over the last couple of years I wouldn't classify myself as submitting my first request... or is that more properly "my first request with notarytool"? If so - happy to sit and wait for a couple of days this first time thru....
Replies: 0 | Boosts: 0 | Views: 382 | Activity: Oct ’23
app-password works with altool but is rejected by notarytool
Hi there, I'm in the process of moving from altool to notarytool, following information found in TN3147. First, TN3147 says the team-id is optional if my account has only one team membership, which is the case, but notarytool says it's mandatory and I do have to use it (not an issue). Now, the issue I face:

    $ security unlock-keychain -p prorogue-stake-unused /Users/comp/Library/Keychains/my.keychain
    $ xcrun altool --username $APPLEID --password "@keychain:MYPASSWORD" --notarization-history 0
    .. it displays the notarization history as expected ..

but:

    $ xcrun notarytool history --apple-id $APPLEID --team-id $TEAMID --password "@keychain:MYPASSWORD"
    Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.

The password is supposed to work with both tools, according to TN3147. What am I missing? Best regards,
Replies: 2 | Boosts: 0 | Views: 665 | Activity: Oct ’23