Notarization

RSS for tag

Notarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.

Notarization Documentation

Post

Replies

Boosts

Views

Activity

Inquiry About Using notarytool on a Separate Machine for Notarizing macOS Apps
Hello, I am currently developing a macOS application using macOS 10.15.7 and Xcode 11.1. My application is distributed directly to users via a server, not through the App Store. I recently came across the following announcement: "Starting November 1, 2023, the Apple notary service no longer accepts uploads from altool or Xcode 13 or earlier. If you notarize your Mac software with the Apple notary service using the altool command-line utility or Xcode 13 or earlier, you need to transition to the notarytool command-line utility or upgrade to Xcode 14 or later." Given this change, I understand that I need to use notarytool or upgrade to Xcode 14 or later for notarization. However, upgrading my current development environment is not feasible at the moment. I would like to know if it is possible to build my application on my current environment (macOS 10.15.7 and Xcode 11.1) and then transfer the built application to a separate machine running macOS 11.0 or later with Xcode 14 or later installed, to perform the notarization using notarytool. Could you please confirm if this approach is acceptable and if there are any specific steps or considerations I should be aware of when using notarytool on a separate machine for notarizing my application? Thank you for your assistance. Best regards, WJohn
1
0
578
Jul ’24
xcrun notarytool store-credentials -> HTTP status code: 401. Invalid credentials error
Hi, I am getting following error from following command, although I am 100% sure that I am entering the right credentials: Command: xcrun notarytool store-credentials "MY_PROFILE" --apple-id “***” --team-id "yyy" --password "zzz" Error: Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. ***->https://appleid.apple.com/account/manage/email and phone number -> apple id email (email address used for developer account) yyy->https://developer.apple.com/account#MembershipDetailsCard/Team ID -> 10 digit nummer zzz->https://appleid.apple.com/account/manage/App-Specific Passwords created and used I just copy pasted every single item from the defined locations above. I would appreciate for an answer. Best Regards
2
0
770
Jul ’24
Notarisation taking around 24hours then accepted
Im using a git actions CI/CD pipeline for my automated deployment and I'd like to include notarisation in this process. Right now when I'm submitting for notarisation manually/locally it's taking around 24 hours and then is eventually successfully accepted. \ Using a git actions server to do this has a cost per minute (and an even higher cost at 10x per minute for a Mac-OS machine), so notarising with a 24hr turn around time is not feasible. Ive submitted my application many times and it's been the same experience each time taking around 24 hours and then being accepted. How can I shorten the time frame on this or even find out what I might be doing wrong to cause such a long time for a response? here my log: { "logFormatVersion": 1, "jobId": "3ccf4652-60dc-4fd1-b281-23d49b2b7bb1", "status": "Accepted", "statusSummary": "Ready for distribution", "statusCode": 0, "archiveFilename": "AudioMap.dmg", "uploadDate": "2024-07-14T16:51:02.848Z", "sha256": "614c5992133d61094b39b6a5d00a225d2fc7efe78ab0e59cd47c78275602cb59", "ticketContents": [ { "path": "AudioMap.dmg", "digestAlgorithm": "SHA-256", "cdhash": "9d4f500a2fd49769b99f921d3fbe8ef753604abe" }, { "path": "AudioMap.dmg/AudioMap.app", "digestAlgorithm": "SHA-256", "cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib", "digestAlgorithm": "SHA-256", "cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/MacOS/AudioMap", "digestAlgorithm": "SHA-256", "cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib", "digestAlgorithm": "SHA-256", "cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938", "arch": "arm64" } ], "issues": null }
4
0
665
Jul ’24
Notarization error when client upload application to notarization service
After my application was singed on the mac runner, I got an error when my application was uploaded from my Mac runner to the Notarization service. Here is my error: Notarization ended with response: {"uuid":"my_uid","notarizationStatus":{"status":"ERROR","message":"Error happened while uploading file to Apple notarization service","moreInfo":"net.jodah.failsafe.FailsafeException: java.util.concurrent.ExecutionException: Error while parsing the output after the upload of the file to be notarized"}} Does anyone know how to fix it? Thank you very much!
1
0
386
Jul ’24
Notarytool crashes in Python running in an Apache Webserver
notarytool-2024-07-23-143951.ips I notarytool-2024-07-23-105410.ips have two Mac machines and running the same Python script as a CGI script in an Apache webserver (httpd) installed via Homebrew. The Python script calls the subprocess.run() method to call the notarytool via xcrun. On one server the script runs as expected in the webserver environment and on the other machines it gets an exit code (-)4; SIGILL. On the machines where it fails, the notarytool command works from console, as expected. Additionally, it works if I run the script directly with Python in the console. I launch the same command in a Perl script in the webserver and the same exit code / issue occured. I have the same installed version and setup on both servers for Homebrew Apache Webserver (httpd) Python version (3.9.6) xcrun --version: xcrun version 61. xcrun notarytool --version: 1.0.0 (27) the Mac machines are identical, both are bought and set up at the same time The see similar topics at: https://forums.developer.apple.com/forums/thread/724995 Notarytool was used on a machine as an agent via Jenkins job https://github.com/moses-palmer/pynput/issues/366#issuecomment-1364470827 used Python, gets the same exit code, used in multi-thread environment (maybe like a webserver)
2
0
392
Jul ’24
Notarization: The operation couldn't be completed. (SotoS3.S3ErrorType.multipart error 1.)
Hello, For my macOS app, on Xcode version 15.4 (15F31d) on macOS 14.5 (23F79) I follow Organizer > Distribute App > Direct Distribution, and I get a Notary Error "The operation couldn't be completed. (SotoS3.S3ErrorType.multipart error 1.)" It's been happening since 3 days. In the IDEDistribution.verbose.log file I see: https://gist.github.com/atacan/5dec7a5e26dde0ec06a5bc4eb3607461
11
0
909
Jul ’24
Ported app to M2 and need advice to notarize
Hi, I am totally unaware of the new notarize mechanism and generally starting to sign my application after having ported it to M2. I want to distribute the app without App Store - yet. My application is an open source tool or better a more complex tool for the software development that contains dylibs and frameworks all within an app bundle. I am using wxWidgets and stumbled upon the build process using install_name_tool temporary for each bundle and probably all libraries that I place into the application bundle to have an @executable_path and not an absolute path. That works so far, but the notarize tool or better checking it with spctl rejects it. A further test with spctl --assess or the like, I have the command lost, shows that are resources missing and I have a hint to use @rpath entries to be added. I am using makefiles and a custom make system where I build up the make commands for each target. I won't modify the rules for each target type, if I could do this in a post build step for all the contents of the app bundle. I have therefore a shell script that handles that additional task yet until code signing and it looks like as follows: #!/bin/sh # Copies together files for the Mac OS X application bundle and created a disk image export prefix=$1 export VERSION=1.3.4 cp ../../../Database/*.sql wxWrapper.app/Contents/Resources cp splash.png wxWrapper.app/Contents/Resources mkdir wxWrapper.app/Contents/Resources/XSLT cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/include wxWrapper.app/Contents/Resources/XSLT/include cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/DMFToXMI wxWrapper.app/Contents/Resources/XSLT/DMFToXMI cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/XMIToDMF wxWrapper.app/Contents/Resources/XSLT/XMIToDMF cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/lbDMFDataViewModel wxWrapper.app/Contents/Resources/XSLT/lbDMFDataViewModel cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/lbDMFFixedFormular wxWrapper.app/Contents/Resources/XSLT/lbDMFFixedFormular cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/TurboVision wxWrapper.app/Contents/Resources/XSLT/TurboVision cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/wxActiveRecords wxWrapper.app/Contents/Resources/XSLT/wxActiveRecords cp -R ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/wxLua wxWrapper.app/Contents/Resources/XSLT/wxLua cp ../../../AppDevelopmentDemo/DynamicApp/XSLT_Templates/include/XMISettingsTemplate.xsl wxWrapper.app/Contents/Resources/XSLT/XMIToDMF/XMISettings.xsl cp -R ../../../AppDevelopmentDemo/DynamicApp/UMLSamples wxWrapper.app/Contents/Resources mkdir wxWrapper.app/Contents/Resources/toolbarimages # UGLY! Using environment that also is properly defined while jenkins build is better cp -R $prefix/lib wxWrapper.app/Contents cp -R $prefix/plugins wxWrapper.app/Contents/Resources # How to access them? cp toolbarimages/*.xpm wxWrapper.app/Contents/Resources/toolbarimages cp toolbarimages/*.png wxWrapper.app/Contents/Resources/toolbarimages #cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.0.6.0.dylib wxWrapper.app/Contents/lib #cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.0.dylib wxWrapper.app/Contents/lib cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.*.dylib wxWrapper.app/Contents/lib cp -R `wx-config --prefix`/lib/lib`wx-config --basename`-`wx-config --release`.dylib wxWrapper.app/Contents/lib cp Info.plist wxWrapper.app/Contents codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Frameworks/lbHook.framework/Versions/A/lbHook codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Frameworks/wxJson.framework/Versions/A/wxJson codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Frameworks/wxWrapperDLL.framework/Versions/A/wxWrapperDLL codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/lib/* codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/Resources/plugins/* xattr -cr wxWrapper.app codesign -f -v -s "Lothar Behrens" wxWrapper.app/Contents/MacOS/wxWrapper #codesign -dvv wxWrapper.app codesign -f -v -s "Lothar Behrens" wxWrapper.app #spctl -a -t exec -vvvv wxWrapper.app #codesign -dvv wxWrapper.app #codesign -vv --deep-verify wxWrapper.app # Creating a new diskimage hdiutil create -ov -size 200m -volname lbDMF-$VERSION lbDMF-$VERSION-`uname -p`.dmg -fs HFS+ sleep 5 hdiutil attach lbDMF-$VERSION-`uname -p`.dmg # Copy stuff #mkdir /Volumes/lbDMF-$VERSION/`uname -p` #cp -R wxWrapper.app /Volumes/lbDMF-$VERSION/`uname -p` cp -R wxWrapper.app /Volumes/lbDMF-$VERSION mkdir /Volumes/lbDMF-$VERSION/toolbarimages cp toolbarimages/*.xpm /Volumes/lbDMF-$VERSION/toolbarimages cp toolbarimages/*.png /Volumes/lbDMF-$VERSION/toolbarimages cp ../../../COPYING /Volumes/lbDMF-$VERSION cp ../../../license-bindist.txt /Volumes/lbDMF-$VERSION cp ../../../AppDevelopmentDemo/DynamicApp/Doc/ApplicationprototypingDokumentation.pdf /Volumes/lbDMF-$VERSION/ # Copying templates to an accessable place cp -R wxWrapper.app/Contents/Resources/XSLT /Volumes/lbDMF-$VERSION/ cp -R wxWrapper.app/Contents/Resources/UMLSamples /Volumes/lbDMF-$VERSION/ mkdir /Volumes/lbDMF-$VERSION/.lbDMF cp -R wxWrapper.app/Contents/Resources/*.sql /Volumes/lbDMF-$VERSION/.lbDMF cat <<EOF >> /Volumes/lbDMF-$VERSION/Readme.txt Dear Mac user! ... Thanks Lothar Behrens EOF rm -rf `find /Volumes/lbDMF-$VERSION -name CVS -print` hdiutil detach /Volumes/lbDMF-$VERSION rm lbDMF-$VERSION lbDMF-$VERSION-`uname -p`.dmg.zip zip lbDMF.dmg.zip lbDMF-$VERSION lbDMF-$VERSION-`uname -p`.dmg mv lbDMF.dmg.zip lbDMF-$VERSION-`uname -p`.dmg.zip code-block Testing the app bundle shows this: spctl --assess -vvvvv --type execute wxWrapper.app wxWrapper.app: rejected origin=Apple Development: Lothar Behrens (********) I need some help where to insert a proper notary tool command and a proper check before uploading that I can see, if I could do so. Despite that I haven't had an active developer ID, I have that now and need to setup the Developer ID Distribution certificate into the keychain. So I plan to add the @rpath values per framework/dylib/so as additional commands into the shell script above. But how can I best verify for successful usage of notary tool? Any help? Thanks, Lothar
7
0
415
Jul ’24
App stuck on notarizing for 2+ hours
I am using Github Actions for signing and notarizing, but it's been stuck on notarizing for hours. I cancelled and retried but same thing happens. I am using Tauri which is running the notarize scripts. Here is my main.yml: name: macOS Build Script on: push: branches: - 'main' permissions: contents: write issues: write pull-requests: write jobs: build: runs-on: macos-latest steps: - name: Checkout repository uses: actions/checkout@v2 - name: Install Rust uses: actions-rs/toolchain@v1 with: toolchain: stable profile: minimal override: true - name: Install Node.js uses: actions/setup-node@v2 with: node-version: '20' - name: Install Node.js Dependencies run: npm install - name: Build the App run: npm run tauri build - name: List build artifacts run: | echo "Build artifacts:" ls -R src-tauri/target/release/bundle/ - name: Create Release uses: tauri-apps/tauri-action@v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} with: tagName: app-v__VERSION__ releaseName: 'App v__VERSION__' releaseBody: 'macOS build. See the assets to download this version and install.' releaseDraft: true prerelease: false - name: Create Release Manually if: failure() uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: app-v0.0.0 release_name: App v0.0.0 (macOS) draft: true prerelease: false id: create_release - name: Upload Release Asset if: failure() uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: ./src-tauri/target/release/bundle/dmg/mac-app_0.0.0_x64.dmg asset_name: mac-app_0.0.0_x64.dmg asset_content_type: application/x-apple-diskimage
1
0
420
Jul ’24
Notarization staus code 7000
I am getting rejected while notarizing. { "logFormatVersion": 1, "jobId": "123456-123456-123456-123456", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "AppName.dmg", "uploadDate": "2024-07-26T18:51:25.866Z", "sha256": "a37cd79", "ticketContents": null, "issues": null } Do let me know how I can configure my team for notarization. File size is 103 MB. Made in Electron + Vue.
3
0
545
Jul ’24
xcrun stapler error/message confusing
Hi, We are running xcrun staple on our pkg file. It gives the following message We do not know how to deal with trailer version 9262. Exepected 1 Terminator Trailer size must be 0, not 1737 {magic: t8lr, version: 1, type: 2, length: 1737} Found expected ticket at 8164385 with length of 1737 Sig Type is RSA. Length is 3 Sig Type is CMS. Length is 3 Package mypkg.pkg uses a checksum of size 20 *The staple and validate action worked!* However, the command returns with -1 error code. So, the questions I have are: What does this return response mean? Do we consider this as a success of failure scenario (specially because the message "...action worked"
3
0
410
Jul ’24
Developer ID target can't be signed or notarized automatically
macOS application Mulligan's Eagle (403115926) macOS deployment - macOS 10.14 (Mojave) through Sonoma 14.5 macOS targets - Mac App Store, ad hoc direct drag-to-install image Xcode version 15.4, various development Macs (Intel, M1, M2) Eagle delivered since pre-Mac App Store days - derived from System 7 MacApp development. App most recently delivered with min system Mac OS 10.12 through current Sonoma 14.5, dual target for Mac App Store automatically signed with Apple Development credentials and for outside release automatically signed with Developer ID credentials. Recent revisions to the software to bump min system to 10.14 (Mojave) with typical continuing development for tech, reqm'ts, etc. Updates (a couple since previous release) to Xcode - now using version 15.4, which recommended some config changes that made sense, except min system. Popular application with lots of older (uh... elder) users running Macs servicing golfers. The application is ready to distribute with automatic signing, but wasn't able to do so with Developer ID credentials, but Xcode note (and reading of tips in this forum and my poor understanding) managed to submit for notarization - failed. Tried to manually sign... and reviewed signing info in Xcode... So I reviewed Certificate(s) etc. that should have been used when previously signing Dev ID for notarization and release. I have (I think) six Developer ID Application certs and six Developer ID Installer certs and I can't find any combination of those certificates - some with duplicate dates or expirations - that allows me to use one to automatically sign code to notarization or delivery. What do I do? I've lived a peaceful solo developer life for 25 years delivering and signing code for the Mac and as long as iOS has existed. I'm terrified about this issue however... My early Mac OS using customers (since Lion - pre sandbox) still have serial numbers for this software and have bought a Mac every 6 - 10 years so they could get my latest release. We've never required that they re-purchase from the App Store... they have a perpetual license. Sandboxing was a shock they never felt - we kept delivering updates to them and if they decided sandboxing mattered, they purchased from Apple and we included the container-migration entitlement in the App Store version to move their data to the new sandbox. Pretty slick. Until we built an install disk to test it on an unsandboxed version of Eagle in our office. It "lost" its data - vanished by remaining in the old Application Support directory while the new hardened runtime version looked for it in the sandbox - finding nothing. Just imagine encountering that if you're 80 years old running a golf league. How can I "reset" the futzed-up certificate Developer ID mess? I have multiple machines, all with varying subsets of what seem to be good certificates. And Xcode builds new provisioning profiles just for the heck of it, it seems. I'm afraid to revoke or throw out any certificates because I can't tell which ones are good, bad or duplicates - they're all valid. And I can't create any more Developer ID certs because there's a max to control certificate-miscreants like me (yes, I've read Quinn's protection of your Dev ID note - I screwed it up with only 1 employee). I depend on automatic signing because I'm still, after 58 years of coding, just a novice. Is it true that I should still specify in my build settings that I'm using Developer ID credentials for my ad hoc development and distribution schemes? And that the proper settings for those should NOT enable hardened runtime or app sandboxing? Sorry for my intensity here.... It's been 2 weeks since App Review bonked an initial submission with just an "it's broken" reject message, and DTS decided this is not such an emergency that the Developer Forum shouldn't be able to handle it. I'm truly hoping it's so.
4
0
564
Jul ’24
Unable to Notarize
I have been trying to notarize an app since yesterday tried about 20 times at various times of the day. Most times it stops during the upload and produces an error message "Couldn't communicate with a helper application" which occurs at various places while downloading. Three times the upload appeared to complete but then produced an error "This operation could not be completed (SotoS3.S3ErrorType.Multipart.error.1 I then looked in the status log which had several entries: Prepared archive for uploading (green check to left) Upload failed (red x to left) Notary error (red x to left) The operation couldn't be completed (SotoS3.S3ErrorType...) In Progress (grey timer icon to left)
4
0
457
Aug ’24
Struggling to Notarize a JUCE Plugin Installer
Hi there, I've been working on a JUCE audio plugin project and have created an installer for the demo to release to the public outside of the App Store. I have built the various forms of the plugin in Xcode (standalone, AU, vst3) and have the automatic signing set up with a Developer ID Application certificate. I have been using WhiteBox Packages to create the installer to install the AU component and the vst3 on a user's computer. I can successfully sign the installer with a Developer ID Installer certificate but when I submit it for notarization, the status returns as "invalid". When looking at the Notarytool log, it says that the binary is not signed with a valid Developer ID certificate for all versions of the plugin (for AU & vst3, and both architectures, arm64 & x86_64, as well). I can use codesign and pkgutil to confirm that the files and installer are both signed including the contents within both the AU and vst3 bundles, but the notarization still fails. I have tried to notarize just a zipped version of the plugin but that fails too. In the Customizing The Notarization Workflow documentation, it is mentioned that custom third-party installers need two rounds of notarization. I'm assuming Packages is a custom third-party installer but I don't see how two rounds of notarization is possible when I can't even notarize a zipped version of the plugin. I am still new to Xcode and Apple Developer so there is a possibility that it's something I missed or didn't do. I've read through quite a few other posts on both this forum and the JUCE forum about similar problems but I haven't found a solution that has worked so if anyone has any ideas on how to potentially get my installer notarized, I'd greatly appreciate the advice. Thanks.
2
0
331
Aug ’24
App notarization for Chinese Apple Developer accounts
Hi everyone, I'm hearing online that the macOS App Notarization service won't work for some Chinese app developers. They say that personal Apple Developer accounts in China (supposedly having membership subscription) are restricted from using this service or their macOS apps won't pass notarization process probably due to some "strict legal regulations". I want to ask if this is true? Or is it just they failed to follow some of the technical requirements of this process?
0
0
405
Aug ’24
Code Signing/Notarisation for .app that runs Java, no XCode
Hi there- Like the title says, I'm trying to get an .app bundle code-signed and notarised that runs java internally, without using XCode. I've mostly based my workflow off the advice and notes given here and here, but I'm running into problems with using notarytool at the final step, rather than altool. My basic workflow from the same directory with the .app is as follows... codesign --deep --force --options=runtime --entitlements ../resources/entitlements.plist --sign "DEVELOPER_ID_ETC" --timestamp MyApp.app/Contents/MacOS/launcher.command codesign --deep --force --options=runtime --entitlements ../resources/entitlements.plist --sign "DEVELOPER_ID_ETC" --timestamp MyApp.app/Contents/Java/code_jar.jar codesign --deep --force --options=runtime --entitlements ../resources/entitlements.plist --sign "DEVELOPER_ID_ETC" --timestamp MyApp.app/Contents/PlugIns/OSX_JRE codesign --deep --force --options=runtime --sign "DEVELOPER_ID_ETC" --timestamp MyApp.app/Contents/Resources/app_icon.icns codesign --deep --force --options=runtime --entitlements ../resources/entitlements.plist --sign "DEVELOPER_ID_ETC" --timestamp MyApp.app codesign -vv MyApp.app zip -r MyApp_APP.zip MyApp.app ../notarytool submit MyApp_APP.zip --keychain-profile "Developer-notarytool" --wait ...at which point I receive an 'invalid' response from the server that notarytool uploads to. The "codesign -vv" step passes without complaint, so is there any way to get more information about what's causing the notarisation failure?
2
0
403
Aug ’24
Persistent Notarization Issues with Electron App
I am runnning persistent notarization issues with my macOS Electron application. Despite multiple attempts to resolve these issues, the notarization status remains "Invalid," and the errors in the report are consistent. What I'm doing Sign the code like this codesign --sign "Apple Distribution: Name Lastname (123456)" --deep --force --timestamp=auto path/to/Application.app I then get: Application.app: replacing existing signature I then verify the signing with: codesign --verify --deep --strict --verbose=4 path/to/Application.app I then get: --prepared:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --prepared:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework Application.app: valid on disk Application.app: satisfies its Designated Requirement I then build: npm build I then package: zip -r Application.zip Application.app I then upload: xcrun notarytool submit Application.zip --apple-id your-apple-id --team-id your-team-id --password your-app-specific-password Then I check for status and I get: Successfully received submission info createdDate: 2024-08-15T18:21:31.520Z id: 55daf39a-4be9-4dd6-a490-1890d33f9e75 name: Application.zip status: Invalid In the report generated I get issues like: "path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/SomeFramework", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64" and "path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/Versions/Current/Helpers/chrome_crashpad_handler", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "arm64" What am I doing wrong? I tried signing each issue separately and rerun the entire process, it's not working.
1
0
454
Aug ’24
Notarization consistently taking days to complete
Hi all — Hoping you all have insights on notarization. We are a small startup using Apple Business Essentials as our company MDM, managing our fleet of Macs. ABE has the capability (as with every MDM) to deploy custom software to those Macs via .pkg files. We create the package files with no problem, and also codesign them with no problem. We discovered that the Macs will fail to install the packages if the package is not notarized (which makes sense from the perspective of Gatekeeper). Notarizing the package was easy. Submitting them is easy. But the processing time has been crazy! I've read from posts here that the first submissions can take a long time, and indeed ours did — iirc, about 48 hours. But the pattern has continued. Our most recent submission (submission id 2a714bbf-83e7-4a25-b936-e002c94e1704 if someone from Apple is reading) has now taken almost 4 days and is still In Progress. I have no idea how to resolve this, or even to understand what's holding up the submission. Anyone have any ideas? We are not intending to deploy any of these packages to the public (only to our corporate Macs). I'd love to avoid the notarization but it doesn't seem possible. Any ideas?
1
0
371
Aug ’24
Notarization Status: Accepted. What does it mean?
I submitted my macOS app for notarization. Here's what I see: Successfully received submission info createdDate: 2024-08-21T11:25:46.063Z id: 9e787992-5737-4ca8-b8b5-23d267f6476c name: MacOSapp.zip status: Accepted What does it mean? Are there more stages in this process? The reason I am asking is because trying to staple a ticket gives me 'error 65' which means there is no ticket.
1
0
333
Aug ’24