I am trying to notarize with the notarytool command using an app-specific password.
xcrun notarytool submit <Path> --apple-id <APPLE_ID> --password <APP_SPECIFIC_PASSWORD> --team-id <Team-ID>
But it fails with error Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.
Tried generating new app-specific password, still failing.
Tried storing password in keychain with store-credentials option, again failing.
The --verbose option with store-credentials shows the error below:
This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.
Validating your credentials...
[06:05:28.854Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[06:05:28.854Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/test?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[06:05:28.855Z] Debug [AUTHENTICATION] Delaying current request to refresh app-specific password token.
[06:05:28.855Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/asp?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[06:05:28.855Z] Debug [AUTHENTICATION] Authenticating request to '/notary/v2/asp' with Basic Auth. Username: , Password: private, Team ID:
[06:05:28.856Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls.
[06:05:30.194Z] Debug [API] Received response status code: 401, message: unauthorized, URL: https://appstoreconnect.apple.com/notary/v2/asp?, Correlation Key:
[06:05:30.195Z] Error [TASKMANAGER] Completed Task with ID 2 has encountered an error.
[06:05:30.195Z] Debug [TASKMANAGER]Ending Task Manager loop.
Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.
Notarization
Notarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.
Hello,
I've notarised my app like this:
```
# codesign
codesign --force --deep --entitlements "/Users/username/myapp/myapp.app/Contents/app.entitlements" --sign "Developer ID Application: Username (my team id)" "/Users/username/myapp/myapp.app"
codesign -v /Users/username/myapp/myapp.app
```
```
# create .zip file
ditto -c -k --keepParent "myapp.app" "myapp.zip"
```
```
# submit binary to Apple
xcrun notarytool submit Shalloville.zip --apple-id "my icloud" --password "xxxx-xxxx-xxxx-xxxx" --team-id "my team id"
```
Is there anything wrong?
I submitted the .zip file on 27/11 and it's still "In Progress".
Successfully received submission history.
history
--------------------------------------------------
createdDate: 2024-11-29T16:05:44.609Z
id: eccf6248-4f2f-4cc1-bb90-88cf13aa08a0
name: Shalloville.zip
status: In Progress
--------------------------------------------------
createdDate: 2024-11-27T08:57:56.373Z
id: 7d9887dc-6bf8-4e39-bcbe-0f22d02dce4f
name: Shalloville.zip
status: In Progress
--------------------------------------------------
createdDate: 2024-11-27T07:05:05.544Z
id: 84c08d62-189d-48b2-80d9-170ddc3edb67
name: Shalloville.zip
status: In Progress
Topic:
Code Signing
SubTopic:
Notarization
I just paid the $99 a year, and it has already been 48 hours since I paid. But when I click on my name it still says "Pending", and the main landing page at https://developer.apple.com/account still says this:
"Purchase your membership.
To continue your enrollment, complete your purchase now
Your purchase may take up to 48 hours to process."
Do I need a membership to codesign and notarize my VST plugins? Because that's what I bought it for.
Topic:
Code Signing
SubTopic:
Notarization
Hello,
After my Developer ID expired after 5 years, I created a new one and codesigned the app successfully, but could not notarize:
xcrun notarytool submit mac_release/flow5.zip --keychain-profile "XFLR5" --wait
Conducting pre-submission checks for flow5.zip and initiating connection to the Apple notary service...
Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct
I don't think I was using an app specific password before, but the last time I went through this process was 5 years ago.
Thanks in advance for any help.
Topic:
Code Signing
SubTopic:
Notarization
We've recently updated our build server to macOS 15.1.1 and ever since notarization sporadically fails. Notarytool says No Keychain password item found for profile: foo, even though that item is present.
I found out it works when I either log in using Remote Desktop (don't need to do anything else, just login and wait) or when running security unlock-keychain via SSH (but that one's not persistent, either).
We're using GitLab (via gitlab-runner on the build server) and so far notarization hasn't had many problems with the keychain. That started with macOS 15.1.
Are there any changes in 15.1 that we need to be aware of to make this stable?
Topic:
Code Signing
SubTopic:
Notarization
Hello.
I am developing an electron app with vscode.
And I have some problems while signing and notarizing.
I signed it with electron-osx-sign command.
Then I tried to notarize using xcrun notarytool submit .zip --keychain-profile "NotaryCredential" --wait.
but the result says it is invalid.
so I show the notarize log.
Below is the log file.
It says some framework bundles are not signed.
Please check it and let me know what is the problem.
Thank you.
notarize log.txt
Topic:
Code Signing
SubTopic:
Notarization
I try to notarize my package, everything works except one signature of a binary. But the output of codesign seems fine.
Notary log:
{
"logFormatVersion": 1,
"jobId": "350315e0-38ae-4224-a13b-1c4dc20c1cb7",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "VocalNet_Installer.pkg",
"uploadDate": "2024-11-26T18:07:57.042Z",
"sha256": "fc59a3c2c3669f641a18d6e6df9b91e9369f8cf9cd827d5a75762beb99dfbcfe",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "VocalNet_Installer.pkg/SLink.pkg Contents/Payload/Applications/SLink.app/Contents/MacOS/SLink",
"message": "The signature of the binary is invalid.",
"docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",
"architecture": "arm64"
}
]
}
Codesign output:
Executable=/Users/200gaga/Main/VocalNet/SLink.app/Contents/MacOS/SLink
Identifier=SLink
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=319089 flags=0x10000(runtime) hashes=9965+3 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=720896
Hash type=sha256 size=32
CandidateCDHash sha256=26dc42451d203f54e29de37a5f74b8d9f9ab30c2
CandidateCDHashFull sha256=26dc42451d203f54e29de37a5f74b8d9f9ab30c26bb1dcde85d3db13fcb9ab4f
Hash choices=sha256
CMSDigest=26dc42451d203f54e29de37a5f74b8d9f9ab30c26bb1dcde85d3db13fcb9ab4f
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=81920
Executable Segment flags=0x1
Page size=4096
CDHash=26dc42451d203f54e29de37a5f74b8d9f9ab30c2
Signature size=9058
Authority=Developer ID Application: SESSION LOOPS, INC. (29DGL5KQ37)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Nov 26, 2024 at 13:04:23
Info.plist entries=9
TeamIdentifier=29DGL5KQ37
Runtime Version=11.0.0
Sealed Resources version=2 rules=13 files=5060
Internal requirements count=1 size=168
Topic:
Code Signing
SubTopic:
Notarization
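Added example, not part of the original post: a small triage script for the JSON that `xcrun notarytool log <submission-id>` returns, grouping issues by the file inside the submitted archive so the copy that the notary service flagged (rather than a build-tree copy) can be re-checked with codesign. The sample log, its names and the helper functions are constructed for illustration.

```python
import json

# Constructed sample shaped like the notary log quoted in the post above;
# the names, job id and the extra issues are made up for the example.
SAMPLE_LOG = """
{
  "logFormatVersion": 1,
  "jobId": "00000000-0000-0000-0000-000000000000",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "Example_Installer.pkg",
  "issues": [
    {"severity": "error", "code": null, "architecture": "arm64",
     "path": "Example_Installer.pkg/Tool.pkg Contents/Payload/Applications/Tool.app/Contents/MacOS/Tool",
     "message": "The signature of the binary is invalid."},
    {"severity": "error", "code": null, "architecture": "x86_64",
     "path": "Example_Installer.pkg/Tool.pkg Contents/Payload/Applications/Tool.app/Contents/MacOS/Tool",
     "message": "The signature of the binary is invalid."},
    {"severity": "error", "code": null, "architecture": "arm64",
     "path": "Example_Installer.pkg/Tool.pkg Contents/Payload/Applications/Tool.app/Contents/MacOS/helper",
     "message": "The signature does not include a secure timestamp."}
  ]
}
"""


def split_issue_path(path):
    """Split a log path into (enclosing containers, path inside the payload)."""
    parts = path.split("/")
    if "Payload" in parts:  # file sits inside an installer package payload
        cut = parts.index("Payload")
        return parts[:cut], "/" + "/".join(parts[cut + 1:])
    return parts[:1], "/".join(parts[1:])  # plain archive such as a .zip or .dmg


def triage(log_text):
    """Group notary log issues by the file they point at."""
    log = json.loads(log_text)
    files = {}
    for issue in log.get("issues") or []:  # tolerate a null or missing issues list
        containers, target = split_issue_path(issue.get("path") or "")
        entry = files.setdefault(
            target, {"containers": containers, "archs": set(), "messages": set()})
        if issue.get("architecture"):
            entry["archs"].add(issue["architecture"])
        entry["messages"].add(f'{issue.get("severity")}: {issue.get("message")}')
    return {"status": log.get("status"),
            "accepted": log.get("status") == "Accepted",
            "files": files}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("status:", report["status"])
    for target, entry in report["files"].items():
        print(target, "<-", " > ".join(entry["containers"]))
        print("   archs:", ", ".join(sorted(entry["archs"])))
        for message in sorted(entry["messages"]):
            print("   ", message)
```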
It has been 3 days and it is still in progress. As you can see in the history, I retried a few hours after the initial attempt, both are stuck.
For what it's worth, this is my first notary attempt on this Apple Developer Account, I am aware that first-time submission can take longer.
What should I do at this point? Wait another few days? Is there a human in the loop that needs to manually allow my submission?
I have seen posts about this for the last 2 years. Seems like Apple is not going to do anything about it.
xcrun notarytool history --keychain-profile '[redacted]'
Successfully received submission history.
history
--------------------------------------------------
createdDate: 2024-11-30T01:59:08.408Z
id: 3de4f35a-a950-4b34-8a74-21252b3e49a4
name: Notes.ai.zip
status: In Progress
--------------------------------------------------
createdDate: 2024-11-29T20:49:53.437Z
id: 268e5416-640c-419f-b22a-efe55212b50a
name: Notes.ai.zip
status: In Progress
2022-07-24 16:43:30.074 *** Error: Notarization failed for '/var/folders/r1/3j8rdbl95l9csz588j1nc6xc0000gn/T/electron-notarize-gGm3Fr/git-icons.zip'.
2022-07-24 16:43:30.075 *** Error: You do not have required contracts to perform an operation. With error code FORBIDDEN_ERROR.CONTRACT_NOT_VALID for id bb96a1a8-c3c3-4ded-a3c8-2abe369d8881 You do not have required contracts to perform an operation (-19208)
{
NSLocalizedDescription = "You do not have required contracts to perform an operation. With error code FORBIDDEN_ERROR.CONTRACT_NOT_VALID for id bb96a1a8-c3c3-4ded-a3c8-2abe369d8881";
NSLocalizedFailureReason = "You do not have required contracts to perform an operation";
}
Hi,
I have built a MacOS application that I intend to distribute directly. I have created a disk image and code-signed successfully with the following response.
xcrun notarytool info --apple-id "" --password "" --team-id ""
I have also submitted the app for notarisation which says it's accepted.
equipp@equipps-MacBook-Pro dist % xcrun notarytool submit SendFiles.dmg --keychain-profile "Sendfiles-Notarisation" --wait
Conducting pre-submission checks for SendFiles.dmg and initiating connection to the Apple notary service...
Submission ID received
id: a2941225-b036-47b3-a010-547b0dce6a1a
Upload progress: 100.00% (79.0 MB of 79.0 MB)
Successfully uploaded file
id: a2941225-b036-47b3-a010-547b0dce6a1a
path: /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg
Waiting for processing to complete.
Current status: Accepted................
Processing complete
id: a2941225-b036-47b3-a010-547b0dce6a1a
status: Accepted
When I run the application on a clean Mac, I am still getting the error that this application is from an unidentified developer and might contain malware. (There's an internet connection.)
However, when I try to staple the application, I am getting an error 65. Unsure what's going wrong with the notarisation.
equipp@equipps-MacBook-Pro dist % xcrun stapler staple SendFiles.dmg
Processing: /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg
Could not validate ticket for /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg
The staple and validate action failed! Error 65.
equipp@equipps-MacBook-Pro dist %
Can you please help?
Topic:
Code Signing
SubTopic:
Notarization
Hi, I have been notarizing my code for several years with the same procedure, but today I have the following message:
Conducting pre-submission checks for FencingFox.zip and initiating connection to the Apple notary service...
Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.
CloudKit query for FencingFox.pkg (1/00a276f170785e1dcbfbd6873a00b9309672338b) failed due to "Record not found".
Could not find base64 encoded ticket in response for 1/00a276f170785e1dcbfbd6873a00b9309672338b
The staple and validate action failed! Error 65.
I have changed my apple password and migrated to Sequoia.
How should I investigate the issue?
Topic:
Code Signing
SubTopic:
Notarization
I'm trying to store credentials in my keychain by doing this: xcrun notarytool store-credentials --apple-id APPLE-ID --team-id TEAM-ID. I'm then asked for a profile name, and then the app-specific password for my Apple ID. This is when I'm getting an error: "Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.".
Now, I've generated the app specific pw by logging in here: https://account.apple.com/ but when I login to my Developers account, I do it here: https://developer.apple.com/account/
I've signed up for the "$99 a year"-program. Is there a problem that I've created the pw on what looks like my "private" page and not my "developer" page?
I'm trying to distribute my macOS application (a .dmg file) to customers, and I've followed all the steps to sign and notarize the application. However, when I try to install the .dmg containing the app, Gatekeeper rejects it with the error "AppName cannot be opened because developer is not verified". Even though I’ve signed the app with my Developer ID, notarized it, and verified the signature using codesign, I am still encountering issues when attempting to install or open the app on a clean macOS environment. Here’s the error I see when using spctl to check the .dmg:
spctl --assess --type open --verbose=4 output/App.dmg
output/App.dmg: rejected
source=Insufficient Context
When trying:
spctl -a -t open -vvv --context context:primary-signature output/App.dmg
output/Unbounded.dmg: accepted
source=Notarized Developer ID
origin=Developer ID Application:
My .app is signed and notarised by electron builder and I explicitly signed and notarised the dmg too, but it's still not working.
Topic:
Code Signing
SubTopic:
Notarization
...and some more simple command line utilities. I've code signed all executables and binary libraries I could find. This has got rid of most errors already.
Now I'm struggling with the "hardened runtime" requirements. I understand I can somehow add entitlements - but have no clue how to do that, and what to add. Somewhere there was reference to PCRE - I don't think Perl uses that itself, but certainly does deal with regexes a lot. How would I add eg. the JIT entitlement (if that was required)? Most documents refer to .mobileprovision files or similar - but I'm dealing with a desktop application.
And as all of this is rather non-standard, we don't use Xcode at all. So I wouldn't even know how to use Xcode to create a profile for an app which is managed completely "outside" of a normal macOS development environment.
Topic:
Code Signing
SubTopic:
Notarization
Hi all,
Occasionally, our systems grind to a halt because an agreement needs signed. As you can imagine this always happens at an inconvenient time. Is there a programmatic way we can know about this, before it happens? How is everyone else handling this?
From a search through threads here and documentation, I don't see anything and thus I don't think this is possible to script, but wanted to double check.
If not possible, what kind of grace period is there between when developer.apple.com mentions something will need signed, and when it stops working? I'm not the one who can sign, so can a non-signer see this? This part is basically asking: How often does someone have to log on to "poll" for this and can this be me or does it have to be the person with access to sign the agreements.
Does the system maybe send out an email to the signer about these (in advance), that he's maybe not seeing?
Thanks!
Topic:
Code Signing
SubTopic:
Notarization
I'll do my best to explain my situation. Basically I have a plugin I'm trying to sign, notarize and staple. My plugin is a .component, but right now it is not bundled, so it's a .component folder. I can't open it in Xcode to bundle it and therefore cannot successfully bundle it that way. Other things I've tried are failing, with the error logs showing the following messages:
- "The signature does not include a secure timestamp."
- "The binary is not signed."
- "The signature of the binary is invalid."
Those messages repeat several times and the very last one I receive is
- "The contents of the package at ***** could not be extracted."
So what I'd like to know is: what can I do to my .component folder (all contents are in it) so I can successfully sign it, timestamp it and submit successfully using notarytool? Thank you!
Topic:
Code Signing
SubTopic:
Notarization
This afternoon notarization started throwing an error in terminal. I confirmed that the NOTARIZE_APP_LOG was created, but empty. I have been notarizing our apps on this machine (intel-12.7) with Xcode 13.4.1 for over a year without issue. Any suggestions would be greatly appreciated
9192 Bus error: 10 xcrun notarytool submit --apple-id "$ASC_USERNAME" --password "$ASC_PASSWORD" --team-id "$ASC_TEAM" "$ZIP_PATH" > "$NOTARIZE_APP_LOG" 2>&1
Translated Report (Full Report Below)
Process: notarytool [9192]
Path: /Library/Developer/CommandLineTools/usr/bin/notarytool
Identifier: notarytool
Version: ???
Code Type: X86-64 (Native)
Parent Process: bash [2167]
Responsible: Terminal [2142]
User ID: 501
Date/Time: 2024-07-02 16:29:33.5256 -0600
OS Version: macOS 12.7 (21G816)
Report Version: 12
Bridge OS Version: 8.0 (21P365)
Anonymous UUID: 9AFB52C6-5CA1-7AE0-C249-9D090ABDFD28
Time Awake Since Boot: 820 seconds
System Integrity Protection: enabled
Crashed Thread: 1 Dispatch queue: nio.nioTransportServices.connectionchannel
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000700009d77ff0
Exception Codes: 0x0000000000000002, 0x0000700009d77ff0
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [9192]
Topic:
Code Signing
SubTopic:
Notarization
We've been notarizing apps for a while now and have been through agreement changes before. But we still keep getting the following error when trying to notarize:
Conducting pre-submission checks for myapp.dmg and initiating connection to the Apple notary service...
Error: HTTP status code: 403. A required agreement is missing or has expired. This request requires an in-effect agreement that has not been signed or has expired. Ensure your team has signed the necessary legal agreements and that they are not expired.
We've been through every document in our account to ensure it is signed. Is there any way to determine what document is not signed or what our issue is? ...thanks
Hello,
We use GitHub actions to build, sign and notarize our app. Everything was working fine, but lately the notarization has been failing almost every time. Only about 10% of attempts are successful. We haven't made any changes to the signing and notarizing processes.
Here is the command we use
xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt
Here is the error
/Users/runner/work/_temp/c0b6c8e4-86d1-4307-af86-43666fcf39c7.sh: line 1: 3158 Bus error: 10 xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt
We submit for notarization using:
xcrun notarytool submit --apple-id ACCOUNT --team-id XXXXXX --password NNNNNN application.zip
I have occasionally had success uploading one of the applications, but I have never been successful uploading the bigger one.
What is the reason for this? The files are not very large. The small file is only 6.0GB and the big file is only 17.5GB.
Of the past 100 failures:
72: error: HTTPClientError.deadlineExceeded
28: error: The operation couldn’t be completed. (Network.NWError error 54 - Connection reset by peer))
On average it takes me around 50 attempts (2 days of uploading) to get past the S3 client configuration.
I have tried 5 different internet providers for these uploads. None of them work any better, even ones that have great latency and connections to AWS.
I only have a limited number of Mac OS X machines so I have tried on all of the ones I can afford, but none of them work better or worse than my new MacBook Pro (2021).
I have tried every single option and combination of options from man notarytool including disabling S3 acceleration, setting timeouts, trying to use wait. I have tried them all.
Can someone please help me figure this out? I'm getting desperate and this is making me look really ****** for pushing to have a Mac OS X port because Mac users are stuck waiting for the notarization service which lags the Mac updates by many days.
The error messages make it clear that notarytool is using Soto S3. The developer has indicated in multiple threads that the error HTTPClientError.deadlineExceeded is fixed by increasing the client timeout. Is there a way I can modify notarytool to apply this patch?
https://github.com/soto-project/soto/discussions/622
Is it possible to write our own S3 upload tool that bypasses Soto S3 and uses something more reliable?
Again, the files I am uploading are not very big; none of them are bigger than 25GB. I don't understand why it doesn't work.