I've tried to notarize my app recently and got the error:{
"logFormatVersion": 1,
"jobId": "...",
"status": "Rejected",
"statusSummary": "Team is not yet configured for notarization",
"statusCode": 7000,
"archiveFilename": "myapp.dmg",
"uploadDate": "2019-06-20T06:24:53Z",
"sha256": "...",
"ticketContents": null,
"issues": null
}I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.
Notarization
RSS for tagNotarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.
Post
Replies
Boosts
Views
Activity
It seems like something changed in the notarization in the last few days. I'm running the same build script that creates and notarize a DMG that contains a PKG with 4 plugins. Everything is signed correctly. No error anywhere in the notarization process.
Checking the status of the notarization, I get this:
Status: success
Status Code: 0
Status Message: Package Approved
Stapling returns this:
The staple and validate action worked!
Yet, if I check the PKG inside with this command:
spctl -a -vvv -t install
I get this output:
.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: My Company
This project was perfectly working a few weeks ago, and we have not changed a thing. Checking the notarization log, the only issue I see is this:
"issues": [
{
"severity": "warning",
"code": null,
"path": "Archive.dmg/Installer.pkg",
"message": "This archive is corrupt, and cannot be unpacked for analysis.",
"docUrl": null,
"architecture": null
}
]
But this warning is also present in past DMG/PKG thatare notarized and work as they should.
Another difference from previous logs is that I can only see one item in ticketContents, which is the DMG, while previously I could see two, both the DMG and the PKG.
IMPORTANT altool is deprecated for the purposes of notarisation and will stop working on 1 Nov 2023 [1]. If you’re currently notarising with altool, switch to notarytool now. For specific advice on how to do this, see TN3147 Migrating to the latest notarization tool.
General:
DevForums tag: Notarization
WWDC 2018 Session 702 Your Apps and the Future of macOS Security
WWDC 2019 Session 703 All About Notarization
WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps
WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API
Notarizing macOS Software Before Distribution documentation
Customizing the Notarization Workflow documentation
Resolving Common Notarization Issues documentation
Notary REST API documentation
TN3147 Migrating to the latest notarization tool technote
Fetching the Notary Log DevForums post
Q&A with the Mac notary service team Developer > News post
Notarisation and the macOS 10.9 SDK DevForums post
Testing a Notarised Product DevForums post
Notarisation Fundamentals DevForums post
The Pros and Cons of Stapling DevForums post
Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] See Apple notary service update.
2022-07-24 16:43:30.074 *** Error: Notarization failed for '/var/folders/r1/3j8rdbl95l9csz588j1nc6xc0000gn/T/electron-notarize-gGm3Fr/git-icons.zip'.
2022-07-24 16:43:30.075 *** Error: You do not have required contracts to perform an operation. With error code FORBIDDEN_ERROR.CONTRACT_NOT_VALID for id bb96a1a8-c3c3-4ded-a3c8-2abe369d8881 You do not have required contracts to perform an operation (-19208)
{
NSLocalizedDescription = "You do not have required contracts to perform an operation. With error code FORBIDDEN_ERROR.CONTRACT_NOT_VALID for id bb96a1a8-c3c3-4ded-a3c8-2abe369d8881";
NSLocalizedFailureReason = "You do not have required contracts to perform an operation";
}
For a few days now, notarytool is crashing whenever I'm running one of my Jenkins jobs where notarytool is called from a shell script.
Based on the debug log, the crash appears round at the time that the upload of the binary to be notarized is attempted. When a runloop should be started to run the upload via an async http request:
Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls.
The specific job setup looks like this:
Jenkins Job › Run shell script phase › Shell script › Second shell script › notarytool call.
Running the notarytool directly from Terminal works and completes as expected.
Crashlog Snippet:
Path: /Applications/Xcode-14.2.app/Contents/Developer/usr/bin/notarytool
Identifier: notarytool
Version: ???
Code Type: X86-64 (Native)
Parent Process: launchd [1]
Responsible: java [428]
OS Version: macOS 12.6.2 (21G320)
Crashed Thread: 1 Dispatch queue: com.apple.NSURLSession-work
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 4 Illegal instruction: 4
Terminating Process: exc handler [18889]
Application Specific Signatures:
API Misuse
Thread 1 Crashed:: Dispatch queue: com.apple.NSURLSession-work
0 libxpc.dylib 0x7ff81aa2720e _xpc_api_misuse + 117
1 libxpc.dylib 0x7ff81aa128bb xpc_connection_set_target_uid + 193
2 AppSSOCore 0x7ff8264facaa -[SOServiceConnection _connectToService] + 533
3 AppSSOCore 0x7ff8264faa6f -[SOServiceConnection initWithQueue:] + 102
4 AppSSOCore 0x7ff8264fa98a -[SOClient init] + 122
5 AppSSOCore 0x7ff8264fa855 -[SOConfigurationClient init] + 180
6 AppSSOCore 0x7ff8264fa78c __38+[SOConfigurationClient defaultClient]_block_invoke + 16
7 libdispatch.dylib 0x7ff81ab1c317 _dispatch_client_callout + 8
8 libdispatch.dylib 0x7ff81ab1d4fa _dispatch_once_callout + 20
9 AppSSOCore 0x7ff8264fa77a +[SOConfigurationClient defaultClient] + 117
10 AppSSOCore 0x7ff8264fa6af +[SOAuthorizationCore _canPerformAuthorizationWithURL:responseCode:callerBundleIdentifier:useInternalExtensions:] + 130
11 AppSSOCore 0x7ff8264f9df0 appSSO_willHandle + 64
Back in January the exact same setup was still working. Same macOS version. Xcode version might have been different.
Would really appreciate some help since for now re-implementing notarytool appears to be the only solution.
Notarization step fails: New AppID and password created:
xcrun notarytool submit “.dmg” --apple-id “” --team-id “” --password “” --verbose --wait
Error: HTTP status code: 401. Your Apple ID has been locked. Visit iForgot to reset your account (https://iforgot.apple.com), then generate a new app-specific password. Ensure that all authentication arguments are correct.
I have reset app password many times, not result.
Codesigning completes normally:
Mac OS 11.5.2
Xcode 13.2.1
I seems like a pretty common issue but i'll make a post about it specifically for what i'm seeing. Its my first time notarizing an app so maybe its something in my config, but i'm not seeing any errors.
For simplicity I cloned, built and signed the sample Electron Forge app following the steps on https://www.electronforge.io/ "Getting Started". The build zip is 90MB so its not that large. My production application will be DMG, but even that is stuck (Maybe because the zips before it are currently stuck)
Trying to manually notarize via notarytool just hangs. I used xcrun notarytool submit <Package> --keychain-profile "NotaryProfile" --wait
Running xcrun notarytool history --keychain-profile "NotaryProfile" outputs the following.
createdDate: 2023-09-06T14:49:59.810Z
id: 838c0903-d136-4241-be98-174152a7e3cf
name: my-new-app.zip
status: In Progress
--------------------------------------------------
createdDate: 2023-09-06T14:31:08.880Z
id: 1ce6ef46-8b09-4b20-9f61-81292b2dcbb9
name: my-new-app.zip
status: In Progress
--------------------------------------------------
createdDate: 2023-09-06T14:10:23.726Z
id: 71bc9206-036e-46c7-aadf-6bfaa4097743
name: my-new-app.zip
status: In Progress
--------------------------------------------------
createdDate: 2023-09-06T13:54:35.527Z
id: 7c7fd365-1f08-48c6-a314-3a1809019f9c
name: my-new-app.zip
status: In Progress
Its been about 7 hours since my first attempt.
I tried to pull logs by calling xcrun notarytool log --keychain-profile "NotaryProfile" aa6e9df3-ef62-4058-8bcc-683f015b412a but it seems like non exist yet.
Submission log is not yet available or submissionId does not exist
id: aa6e9df3-ef62-4058-8bcc-683f015b412a
Not sure whats going on, but its pretty far off from the time estimate of 5 - 45 minutes.
Any help is appreciated.
NotaryTool version is 1.0.0 (28)
I've been trying to notarize an installer (.pkg file) on a new laptop. Previous versions have been notarized successfully on a previous Mac.
However, in spite of having the required certificates (same as the old Mac, generated for the new Mac) the submission gets stuck at "In Progress".
Doing it multiple times (even hours apart) doesn't help.
Is there a FAQ / suggested list of steps to help resolve this issue?
Here's what I see:
xcrun notarytool history --keychain-profile "(my profile name)"
results in (problem started with v4, the first version I've tried on this new Mac):
createdDate: 2023-10-17T01:34:36.911Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-17T01:33:59.191Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-16T21:01:25.832Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-16T19:57:44.776Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v4.pkg
status: In Progress
--------------------------------------------------
createdDate: 2023-10-02T14:17:34.108Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v3.pkg
status: Accepted
--------------------------------------------------
createdDate: 2023-09-28T14:04:46.211Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v2.pkg
status: Accepted
--------------------------------------------------
createdDate: 2023-09-20T17:28:46.168Z
id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name: xxxxxxxxxx-v1.pkg
status: Accepted
--------------------------------------------------
xcrun notarytool log xxxxxxxxxxxxxxxxxxxx --keychain-profile "(my profile name)" results in:
Submission log is not yet available or submissionId does not exist
id: xxxxxxxxxxxxxxxxxxxxxxxx
I tried to submit my app via the Notary Service with this command:
xcrun notarytool submit "${DMG_DIR}/${DMG_NAME}" --key "${APP_STORE_API_KEY}" --key-id "${KEY}" --issuer "${ISSUER}" --verbose
and I called the API to get the status of the submission, and it said it was rejected without any meta data.
I did codesign the app with this command:
codesign --force --timestamp --deep --sign "Developer ID Application: MY_NAME" "${DMG_DIR}/${DMG_NAME}"
Verify it with this command:
codesign -vvv --deep --strict "${DMG_DIR}/${DMG_NAME}"
The verification response:
/Users/runner/work/1/a/cli/osx-x64/{DMGFILE}.dmg: valid on disk
/Users/runner/work/1/a/cli/osx-x64/{DMGFILE}.dmg: satisfies its Designated Requirement
Verify the timestamp with this command and response:
Executable=/Users/runner/work/1/a/cli/osx-x64/{DMGFILE}.dmg
Identifier={IDENTIFIER}
Format=disk image
CodeDirectory v=20200 size=297 flags=0x0(none) hashes=1+6 location=embedded
Signature size=8975
Authority=Developer ID Application: MY_NAME
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Feb 14, 2024 at 7:40:35 PM
Info.plist=not bound
TeamIdentifier=TEAM_ID
Sealed Resources=none
Internal requirements count=1 size=172
I wonder if I missed any steps.
Thank you for the help.
I am working on an open source app. I have been testing the package installer, and something unexpected is happening: the .pkg won't run on my test machine and will instead show a banner saying "myApp.app can't be opened because Apple cannot check it for malicious software"; nevertheless, if I wait some minutes, the installer will run just fine!
After reading through many of ekimo's posts, I assumed it may have something to do with stapler. I was not stapling my .dmg originally, so that's something I may be missing (my app is installed by a .pkg inside a .dmg). Nevertheless, the computer where I am testing the app has internet connection, meaning stapler should not even come into play.
Regardless, I decided to staple my .dmg. Running xcrun stapler staple -v myApp.dmg after notarizing produces this result:
builder ~ % xcrun stapler staple -v /Users/builder/Data/HEAD/installation/Packages/myApp.dmg
Processing: /Users/builder/Data/HEAD/installation/Packages/myApp.dmg
Properties are {
NSURLIsDirectoryKey = 0;
NSURLIsPackageKey = 0;
NSURLIsSymbolicLinkKey = 0;
NSURLLocalizedTypeDescriptionKey = "Disk Image";
NSURLTypeIdentifierKey = "com.apple.disk-image-udif";
"_NSURLIsApplicationKey" = 0;
}
Creating synthetic cdHash for unsigned disk image, myApp.dmg. Humanity must endure.
Signing information is {
cdhashes = (
{length = 20, bytes = 0xdd018313b1c574a403f01dccc96c21705987d76c}
);
"cdhashes-full" = {
2 = {length = 32, bytes = 0xdd018313 b1c574a4 03f01dcc c96c2170 ... 918d33f3 d5a74dc3 };
};
cms = {length = 0, bytes = 0x};
"digest-algorithm" = 2;
"digest-algorithms" = (
2
);
flags = 2;
format = "disk image";
identifier = ADHOC;
"main-executable" = "file:///Users/builder/Data/HEAD/installation/Packages/myApp.dmg";
source = "explicit detached";
unique = {length = 20, bytes = 0xdd018313b1c574a403f01dccc96c21705987d76c};
}
Stored Codesign length: 12 number of blobs: 0
Total Length: 12 Found blobs: 0
JSON Data is {
records = (
{
recordName = "2/2/dd018313b1c574a403f01dccc96c21705987d76c";
}
);
}
Headers: {
"Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x600003b85ba0> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
Connection = (
"keep-alive"
);
"Content-Encoding" = (
gzip
);
"Content-Type" = (
"application/json; charset=UTF-8"
);
Date = (
"Mon, 26 Feb 2024 15:34:15 GMT"
);
Server = (
"AppleHttpServer/78689afb4479"
);
"Strict-Transport-Security" = (
"max-age=31536000; includeSubDomains;"
);
"Transfer-Encoding" = (
Identity
);
Via = (
"xrail:st53p00ic-qujn15041902.me.com:8301:24R11:grp60,631194250daa17e24277dea86cf30319:59e17ac665e1de7388b8f4e69e92e383:defra2"
);
"X-Apple-CloudKit-Version" = (
"1.0"
);
"X-Apple-Edge-Response-Time" = (
99
);
"X-Apple-Request-UUID" = (
"9fc0fe2d-49fd-4e74-b718-660c56edb3bb"
);
"X-Responding-Instance" = (
"ckdatabasews:16306401:st42p63ic-ztfb05112901:8807:2409B432:afc827b7b1ebf24829e9c4856d4b69205f23804f"
);
"access-control-expose-headers" = (
"X-Apple-Request-UUID,X-Responding-Instance,Via"
);
"x-apple-user-partition" = (
63
);
} }
Size of data is 165
JSON Response is: {
records = (
{
reason = "Record not found";
recordName = "2/2/dd018313b1c574a403f01dccc96c21705987d76c";
serverErrorCode = "NOT_FOUND";
}
);
}
CloudKit query for myApp.dmg (2/dd018313b1c574a403f01dccc96c21705987d76c) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/dd018313b1c574a403f01dccc96c21705987d76c
The staple and validate action failed! Error 65
What does this show?
Thank you.
I'm trying to notarize an Objective-C app I've written in Xcode 15. I've mostly been following this guide: https://scriptingosx.com/2021/07/notarize-a-command-line-tool-with-notarytool/.
I got the Developer ID Application and Developer ID Installer certificates from Apple developer. I made sure hardened runtime was on in Xcode and chose Developer ID Application under the signing settings before archiving and exporting. After setting up my notarytool profile, I used "xcrun notarytool submit" to submit for notarization.
This first attempt went over 24 hours and still said "In Progress" so I cancelled it.
For my second attempt I built an installer pkg for my app signed with my Developer ID Installer certificate. I submitted this for notarization with "xcrun notarytool submit" and after over 24 hours of "in progress' it returned "the request timed out".
What am I doing wrong in the sign/notarize process?
I am bundling my app in a .dmg that I made.
I signed it, notarized it and stapled it.
When I install it on a friends Mac, I get the error message,"
This error may occur if something went wrong when authenticating using Sign in with Apple
Error Code 1000 for Sign in with Apple refers to an unknown error that occurred authenticating your Apple ID. Please make sure that you have Two-Factor authentication enabled for your Apple ID.
Is this because his Apple ID has not got two factor enabled, or because my Dev account does not?
I read somewhere that two factor must be enabled for latest versions of Macs, but again, is this my Apple Dev ID, or their's?
We have developed an application in which we have a main application and there are several loadable bundles which are loaded from within the main application.
We archive the main application and generate the .app file. When we run the app, everything works fine and it loads the bundles.
But when notarise the main application, it stops loading the bundles. We think we will need to notarise the bundles as well but not able to find the ways to do it.
Any help will be very appreciated.
Greetings to all. I have purchased my developer account and encountered an error message stating "Team is not yet configured for notarization" when attempting to sign my software. Despite my efforts to get in touch with Developer Programs over the past month through numerous phone calls and emails, the only response I receive is that they are unable to assist me at the moment. This situation has become quite distressing. We are encountering obstacles in releasing our software as Apple is impeding our progress. Users are experiencing an "unidentified developer" error message when trying to download it. I am unsure who to reach out to for assistance, especially when Apple support seems unresponsive despite being quick to accept payments.
I have recently upgraded to macOS 14 and Xcode 15. I gather codesign --deep no longer works.
Do I have to explicitly codesign every file in my .app? There are several hundreds of them.
Also, I am able to successfully codesign my executable (MyApp.app/Contents/MacOS/MyExecutable), but when I upload for Notarization, it fails with "The signature of the binary is invalid.", identifying the executable specifically.
This used to work fine. Why is it failing now?
The notarytool service seems to be down, but "Developer ID Notarization Service" is green in the system-status. If I try to submit a DMG for notorization or even just try to get the history it gives this response:
Error: internalError(statusCode: Optional(500), strData: nil, jsonData: Optional(["errors": <__NSSingleObjectArrayI 0x60000331d020>(
{
code = "UNEXPECTED_ERROR";
detail = "<null>";
id = 7S3TTC4N54UMTGOEMVREFQPSNE;
links = "<null>";
status = 500;
title = "Uncaught server exception";
}
)
, "statusCode": 500])) Please try again at a later time.
Everything worked a couple weeks ago
I'm trying to notarize an Objective-C app I've written in Xcode 15. However, when I archive the app, it is listed as a "Generic Xcode Archive" instead of an "app archive", so it can't be validated/distributed.
I've tried following all the steps in this article: https://developer.apple.com/documentation/technotes/tn3110-resolving-generic-xcode-archive-issue
My skip_install is set to NO. My app's dependencies don't show up under "Targets" so I couldn't check the skip_install setting for them. My linked libraries don't use a headers build phase. My install_path is set to $(LOCAL_APPS_DIR).
Why am I not getting an "app archive"?
Hey all. I "Archived" my XCode application, notarized through XCode, exported the .app and used a program create-dmg to generate a DMG for me. I then notarized this using the xcrun notarytool submit Lyric\ Fever\ 1.7.dmg --keychain-profile "notarytoolProfile" command as well as xcrun stapler staple Lyric\ Fever\ 1.7.dmg, both of which passed.
Running syspolicy_check distribution also passes. So does xcrun stapler validate.
This dmg still fails when testing using spctl. spctl -a -t open -vvv --context context:primary-signature Lyric\ Fever\ 1.7.dmg generates the following error:
Lyric Fever 1.7.dmg: rejected
origin=Apple Development: Avi Wadhwa (#######)
Furthermore, I uploaded this dmg to github and redownloaded it. This newly downloaded dmg does not open in finder, prompting the "unidentifier developer, malware" message.
Yet xcrun stapler validate passes, and so does syspolicy_check distribution. I know as per Eskimo's previous posts that this is not the ideal way to test notarization (and setting a macOS vm is the best method), but if I cannot download my own dmg from GitHub then something is clearly wrong.
I started the notarization process last night with the following command
xcrun notarytool submit --wait --keychain-profile "Developer ID Application: ..." --verbose Open\ Interface.zip
When I check its status, it still shows as it's in progress over 16 hours later
xcrun notarytool history --keychain-profile "Developer ID Application: ..."
Successfully received submission history.
history
--------------------------------------------------
createdDate: 2024-04-09T03:49:07.620Z
id: 8fcf8111-c18c-4941-acb6-f447d86735a2
name: Open Interface.zip
status: In Progress
--------------------------------------------------
createdDate: 2024-04-09T03:23:58.816Z
id: 93461030-f230-4225-b9f2-5d9472904858
name: Open Interface.zip
status: In Progress
Does anyone know what might be going wrong?
My .zip file is available here: https://github.com/AmberSahdev/Open-Interface/releases/download/0.5.0/Open-Interface-v0.5.0-MacOS.zip
Thanks!
I've been getting a notarization error for about a month and it's not resolved. (Case ID:
102252824962)
The error message I received is as I wrote in the title: "Team is not yet configured for notarization". when I contact the support team by phone, they say that this error message is not correct and that there is no problem with my individual account.
When i contacted the support team by phone, their only answer is that "Your case has been escalated to the engineers, and they’re working on it."
By the way, the support team never even responds to my email support requests.
The application I wrote is very very small and simple, I don't understand why it is taking so long to be analyzed and why the support team can't give any explanation?