General: Forums topic: Code Signing Forums subtopic: Code Signing > Notarization Forums tag: Notarization WWDC 2018 Session 702 Your Apps and the Future of macOS Security WWDC 2019 Session 703 All About Notarization WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API Notarizing macOS Software Before Distribution documentation Customizing the Notarization Workflow documentation Resolving Common Notarization Issues documentation Notary REST API documentation TN3147 Migrating to the latest notarization tool technote Fetching the Notary Log forums post Q&A with the Mac notary service team Developer > News post Apple notary service update Developer > News post Notarisation and the macOS 10.9 SDK forums post Testing a Notarised Product forums post Notarisation Fundamentals forums post The Pros and Cons of Stapling forums post Resolving Error 65 When Stapling forums post Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

The notary service requires that all Mach-O images be linked against the macOS 10.9 SDK or later. This isn’t an arbitrary limitation. The hardened runtime, another notarisation requirement, relies on code signing features that were introduced along with macOS 10.9 and it uses the SDK version to check for their presence. Specifically, it checks the SDK version using the sdk field in the LC_BUILD_VERSION Mach-O load command (or the older LC_VERSION_MIN_MACOSX command). There are three common symptoms of this problem: When notarising your product, the notary service rejects a Mach-O image with the error The binary uses an SDK older than the 10.9 SDK. When loading a dynamic library, the system fails with the error mapped file has no cdhash, completely unsigned?. When displaying the code signature of a library, codesign prints this warning: % codesign -d vvv /path/to/your.dylib … Library validation warning=OS X SDK version before 10.9 does not support Library Validation … If you see any of these errors, read on… The best way to avoid this problem is to rebuild your code with modern tools. However, in some cases that’s not possible. Imagine if your app relies on the closed source libDodo.dylib library. That library’s vendor went out of business 10 years ago, and so the library hasn’t been updated since then. Indeed, the library was linked against the macOS 10.6 SDK. What can you do? The first thing to do is come up with a medium-term plan for breaking your dependency on libDodo.dylib. Relying on an unmaintained library is not something that’s sustainable in the long term. The history of the Mac is one of architecture transitions — 68K to PowerPC to Intel, 32- to 64-bit, and so on — and this unmaintained library will make it much harder to deal with the next transition. IMPORTANT I wrote the above prior to the announcement of the latest Apple architecture transition, Apple silicon. When you update your product to a universal binary, you might as well fix this problem on the Intel side as well. Do not delay that any further: While Apple silicon Macs are currently able to run Intel code using Rosetta 2, that’s not something you want to rely on in the long term. Heed this advice from About the Rosetta Translation Environment: Rosetta is meant to ease the transition to Apple silicon, giving you time to create a universal binary for your app. It is not a substitute for creating a native version of your app. But what about the short term? Historically I wasn’t able to offer any help on that front, but this has changed recently. Xcode 11 ships with a command-line tool, vtool, that can change the LC_BUILD_VERSION and LC_VERSION_MIN_MACOSX commands in a Mach-O. You can use this to change the sdk field of these commands, and thus make your Mach-O image ‘compatible’ with notarisation and the hardened runtime. Before doing this, consider these caveats: Any given Mach-O image has only a limited amount of space for load commands. When you use vtool to set or modify the SDK version, the Mach-O could run out of load command space. The tool will fail cleanly in this case but, if it that happens, this technique simply won’t work. Changing a Mach-O image’s load commands will break the seal on its code signature. If the image is signed, remove the signature before doing that. To do this run codesign with the --remove-signature argument. You must then re-sign the library as part of your normal development and distribution process. Remember that a Mach-O image might contain multiple architectures. All of the tools discussed here have an option to work with a specific architecture (usually -arch or --architecture). Keep in mind, however, that macOS 10.7 and later do not run on 32-bit Macs, so if your deployment target is 10.7 or later then it’s safe to drop any 32-bit code. If you’re dealing with a Mach-O image that includes 32-bit Intel code, or indeed PowerPC code, make your life simpler by removing it from the image. Use lipo for this; see its man page for details. It’s possible that changing a Mach-O image’s SDK version could break something. Indeed, many system components use the main executable’s SDK version as part of their backwards compatibility story. If you change a main executable’s SDK version, you might run into hard-to-debug compatibility problems. Test such a change extensively. It’s also possible, but much less likely, that changing the SDK version of a non-main executable Mach-O image might break something. Again, this is something you should test extensively. This list of caveats should make it clear that this is a technique of last resort. I strongly recommend that you build your code with modern tools, and work with your vendors to ensure that they do the same. Only use this technique as part of a short-term compatibility measure while you implement a proper solution in the medium term. For more details on vtool, read its man page. Also familiarise yourself with otool, and specifically the -l option which dumps a Mach-O image’s load commands. Read its man page for details. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Revision history: 2025-04-03 — Added a discussion of common symptoms. Made other minor editorial changes. 2022-05-09 — Updated with a note about Apple silicon. 2020-09-11 — First posted.

It has been 3 days and it is still in progress. As you can see in the history, I retried a few hours after the initial attempt, both are stuck. For what it's worth, this is my first notary attempt on this Apple Developer Account, I am aware that first-time submission can take longer. What should I do at this point? Wait another few days? Is there a human in the loop that needs to manually allow my submission? I have seen posts about this for the last 2 years. Seems like Apple is not going to do anything about it, xcrun notarytool history --keychain-profile '[redacted]' Successfully received submission history. history -------------------------------------------------- createdDate: 2024-11-30T01:59:08.408Z id: 3de4f35a-a950-4b34-8a74-21252b3e49a4 name: Notes.ai.zip status: In Progress -------------------------------------------------- createdDate: 2024-11-29T20:49:53.437Z id: 268e5416-640c-419f-b22a-efe55212b50a name: Notes.ai.zip status: In Progress

I am reaching out regarding a persistent issue I have been facing with code signing. Despite extensive troubleshooting, I am unable to resolve the problem, and I would greatly appreciate your assistance. When attempting to sign my electron application with codesign with the following command: codesign --keychain ~/Library/Keychains/login.keychain --sign “Developer ID Application: MYNAME (DEV-ID)” --force --timestamp --options runtime --verbose=4 dist/mac-arm64/my.app I receive the following error message: “Warning: unable to build chain to self-signed root for signer ‘Developer ID Application: MYNAME (DEV-ID)‘“. This prevents me from successfully completing the code signing and notarization process. To resolve this, I have meticulously tried to troubleshoot the problem. Here are the steps taken so far: Imported Certificates into Keychains: I imported all necessary certificates (including Developer ID Application, Developer ID Certification Authority, Apple Root CA and Apple Root CA - G2) into the keychain. I tested with both the System and Login keychains (one at a time to avoid errors due to duplicates) Checked Trust Settings: I confirmed that the trust settings for the certificates are properly configured to “Always Trust.” I verified the private key is present in Keychain Access and is properly linked to the public certificate. Ensured valid identity: I ensured that the correct Developer ID identity is valid and the associated private key is available (security find-identity -v -p codesigning and security find-key -t private | grep “MY NAME”) Ensured keychain access permissions: I ensured that the respective keychain has access permissions (security set-key-partition-list -S apple-tool:,apple: -s -k ~/Library/Keychains/login.keychain) Verified matching Issuer and Subject to build certificate chain: I verified that the Issuer and Subject fields in the certificates show the correct references to build the certificate chain. Deleted and Re-imported Certificates: I deleted and re-imported the certificates multiple times to ensure there were no import issues or corruption in the certificates. Tested simplified setup: I attempted to sign simple files, such as a plain .txt file, using the Developer ID Application certificate I also attempted signing with minimal flags to rule out any issues with the app structure or build configuration Updated Xcode Command Line Tools One potential factor is that I am signing the application on a different machine from the one where the certificates were originally generated. I included the private key when exporting the certificate as a .p12 file from the original computer and imported it into the second computer’s keychain. This second computer is not connected to iCloud, and I suspect this could potentially affect the signing process. Despite all these efforts, the issue persists, and I am unable to identify the root cause. I would greatly appreciate your guidance on resolving this matter so I can successfully complete the code signing and notarization process. Thank you for your time and support.

When I submit my app for notarization, it takes more than 24 hours but still shows "In progress". Does anyone else experience the same issue? Here is the history records: Successfully received submission history. history -------------------------------------------------- createdDate: 2024-12-22T07:32:20.998Z id: 81f36df5-21a2-4101-a264-9ac62e7b85a5 name: Gatsbi.zip status: In Progress -------------------------------------------------- createdDate: 2024-12-22T04:00:29.496Z id: 6d99632c-7aef-4e46-bdef-d70845cd39b5 name: Gatsbi.zip status: In Progress -------------------------------------------------- createdDate: 2024-12-21T10:54:48.433Z id: 1fdcd6c6-d707-4521-9b4d-4a5f3e03959a name: Gatsbi.zip status: In Progress -------------------------------------------------- createdDate: 2024-12-21T10:05:02.700Z id: 4237e15e-00e3-4884-9bdd-f7f900af2dc1 name: Gatsbi.zip status: In Progress -------------------------------------------------- createdDate: 2024-12-21T08:40:19.404Z id: 102039b9-4a16-4fbb-8371-f9b6cb0e1a80 name: Gatsbi.zip status: In Progress -------------------------------------------------- createdDate: 2024-12-21T07:31:01.588Z id: b6f82941-1ac2-4f5d-99ed-c44141934a0d name: Gatsbi.zip status: Accepted

Hi Everyone, Just a quick, and what is probably a really simple question. Do I require a 'Paid' Apple Developer account if I just wish to notarise my application for use on my local network. I don't see myself needing to use the App Store in the near future. I know I can manually add the app and authorise it, but I'd like to avoid this. Kindly Ryn

We notarize all of our apps as part of our nightly build. Every few weeks Apple changes something in the developer agreement, and therefore require the primary account holder to accept the new terms. However, this means our nightly builds break until the terms are accepted, which is a true pain in the ***. Is there some way to tell notarytool to force the notarization? Or tell the lawyers to chill tf out? This seems to happen every 2-4 weeks.

From time to time I see folks run into error 65 when stapling a ticket to their notarised Mac software. This post explains the two common causes of that error. If you have questions or comments, start a new thread here on the forums. Put it in the Code Signing > Notarization topic area so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Resolving Error 65 When Stapling If you directly distribute Mac software, you must sign and notarise your product so that it passes Gatekeeper. For information on how to do this, see: Notarizing macOS software before distribution, if you use Xcode Creating distribution-signed code for macOS, Packaging Mac software for distribution, and Customizing the notarization workflow otherwise The last step of that process is to staple a ticket to your notarised product. This can fail with error 65. There are two common causes of that failure: No appropriate ticket Trust issues The following sections explain how to recognise and resolve these issues. Note You are not absolutely required to staple your product. See The Pros and Cons of Stapling for more on that topic. No Appropriate Ticket Consider the following stapling error: % stapler staple "TestError65.dmg" Processing: /Users/quinn/Desktop/TestError65 2025-03-03 22-12-47/TestError65.dmg CloudKit query for TestError65.dmg (2/d812985247c75e94fd603f026991f96144a031af) failed due to "Record not found". Could not find base64 encoded ticket in response for 2/d812985247c75e94fd603f026991f96144a031af The staple and validate action failed! Error 65. Note the Record not found message. This indicates that the stapling operation failed because there’s no appropriate ticket. To investigate this, look at the notary log: % notarytool-log b53042b6-4cbb-4cef-ade4-dae034a69947 { … "status": "Accepted", … "sha256": "f012735a6d53b17082c088627da4249c9988111d17e7a90c49aa64ebc6bae22e", "ticketContents": [ { "path": "TestError65.dmg/TestError65.app", "digestAlgorithm": "SHA-256", "cdhash": "abc27b0f2daee77b9316de3c6844fbd9e234621c", "arch": "x86_64" }, { "path": "TestError65.dmg/TestError65.app", "digestAlgorithm": "SHA-256", "cdhash": "9627c72e53d44ae77513613e2ce33314bd5ef41e", "arch": "arm64" }, { "path": "TestError65.dmg/TestError65.app/Contents/MacOS/TestError65", "digestAlgorithm": "SHA-256", "cdhash": "abc27b0f2daee77b9316de3c6844fbd9e234621c", "arch": "x86_64" }, { "path": "TestError65.dmg/TestError65.app/Contents/MacOS/TestError65", "digestAlgorithm": "SHA-256", "cdhash": "9627c72e53d44ae77513613e2ce33314bd5ef41e", "arch": "arm64" }, { "path": "TestError65.dmg", "digestAlgorithm": "SHA-256", "cdhash": "01a553c91ee389764971767f5082ab8c7dcece02" } ], "issues": null } First, make sure that the status field is Accepted. If there’s some other value, the notary service didn’t generate a ticket at all! To understand why, look at the rest of the notary log for errors and warnings. Assuming that your notarisation request was successful, look through the log for cdhash values. These represent the contents of the ticket generated by the notary service. Compare that list to the cdhash values of the code being signed: % hdiutil attach "TestError65.dmg" … … /Volumes/Install TestError65 % codesign -d -vvv --arch arm64 "/Volumes/Install TestError65/TestError65.app" … CDHash=9627c72e53d44ae77513613e2ce33314bd5ef41e … % codesign -d -vvv --arch x86_64 "/Volumes/Install TestError65/TestError65.app" … CDHash=abc27b0f2daee77b9316de3c6844fbd9e234621c … Those are all present in the ticket. However, consider the cdhash of the disk image itself: % codesign -d -vvv "TestError65.dmg" … CDHash=d812985247c75e94fd603f026991f96144a031af … That’s the cdhash that stapler is looking for: CloudKit query for TestError65.dmg (2/d812985247c75e94fd603f026991f96144a031af) failed due to "Record not found". But it’s not present in the notarised ticket. Note The term cdhash stands for code directory hash. If you’re curious what that’s about, see TN3126 Inside Code Signing: Hashes and the Notarisation Fundamentals DevForums post. What happened here is: I built the app. I signed it with my Developer ID code-signing identity. I created a disk image from that app. I signed that with my Developer ID code-signing identity. I notarised that. I then re-signed the disk image. This changes the cdhash in the code signature. Now the disk image’s cdhash doesn’t match the cdhash in the ticket, so stapling fails. To resolve this problem, make sure you’re stapling exactly the file that you submitted to the notary service. One good option is to compare the SHA-256 hash of the file you’re working on with the sha256 field in the notary log. Trust Issues Now consider this stapling error: % stapler staple "TestError65.dmg" Processing: /Users/quinn/TestError65.dmg Could not validate ticket for /Users/quinn/TestError65.dmg The staple and validate action failed! Error 65. Note how it’s different from the previous one. Rather than saying that the ticket was not found, it says Could not validate ticket. So, stapler found the ticket for the file and then tried to validate it before doing the staple operation. That validation failed, and thus this error. The most common cause of this problem is folks messing around with trust settings. Consider this: % security dump-trust-settings SecTrustSettingsCopyCertificates: No Trust Settings were found. % security dump-trust-settings -d SecTrustSettingsCopyCertificates: No Trust Settings were found. Contrast it with this: % security dump-trust-settings SecTrustSettingsCopyCertificates: No Trust Settings were found. % security dump-trust-settings -d Number of trusted certs = 1 Cert 0: Apple Root CA - G3 Number of trust settings : 10 … Someone has tweaked the trust settings for the Apple Root CA - G3 anchor. In fact, I used Keychain Access to mark the certificate as Always Trust. You’d think that’d avoid problems, but you’d be wrong. Our code signing machinery expects Apple’s anchor and intermediate certificates to have the default trust settings. IMPORTANT Some trust settings overrides are fine. For example, on my main work Mac there are trust settings overrides for Apple internal anchors. This problem occurs when there are trust settings overrides for Apple’s standard anchor and intermediate certificates. To fix this: In Terminal, run the dump-trust-settings commands shown above and build a list of Apple certificates with trust settings overrides. In Keychain Access, find the first problematic certificate in your list. Note that there may be multiple instances of the certificate in different keychains. If that’s the case, follow these steps for each copy of the certificate. Double click the certificate to open it in a window. If the Trust section is collapsed, expand it. Ensure that all the popups are set to their default values (Use System Defaults for the first, “no value specified” for the rest). If they are, close the window and move on to step 8. If not, set the popups to the default values and close the window. Closing the window may require authentication to save the trust settings. Repeat steps until 2 through 7 for each of the problematic certificates you found in step 1. When you’re done, run the dump-trust-settings commands again to confirm that your changes took effect.

TL;DR - What have I messed up on this notarization workflow? I'm completely new to Apple development. I have been trying to notarize an application I have written, that is then packaged as a .dmg. I am trying to notarize it using the command line tools (as it is an existing app, and not written in Xcode/Swift). My steps so far are as follows: All libraries, frameworks, and other executables have been signed (.dylib, .so etc.). I have avoided using --deep as I understand this is not recommended. The above includes all similar files included within zip archives (the cross platform framework I use places some inside a zip container). I have unzipped, signed, and rezipped. I have signed the main executable within "[NAME].app/MacOS" and the "[NAME].app" with an .entitlements file, and a certificate. codesign --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" --timestamp --force --entitlements "$APP_NAME.entitlements" "$BUILD_DIR/$APP_NAME.app/Contents/MacOS/$APP_NAME" codesign --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" --options runtime --entitlements "$APP_NAME.entitlements" "$BUILD_DIR/$APP_NAME.app" --force --timestamp echo "Checking for unsigned components..." codesign --verify --deep --verbose=4 "$BUILD_DIR/$APP_NAME.app" echo "Verifying entitlements..." codesign --display --entitlements :- "$BUILD_DIR/$APP_NAME.app" Both of the above checks come back as ok. Then, I have the following script lines which package the app as a .dmg and submit it to notarisation. hdiutil create -volname "$APP_NAME" -srcfolder $BUILD_DIR/$APP_NAME.app" -ov -format UDZO "$BUILD_DIR/$DMG_NAME" # Sign the DMG codesign --force --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" "$BUILD_DIR/$DMG_NAME" # Notarize the DMG xcrun notarytool submit "$BUILD_DIR/$DMG_NAME" --key "[AUTH_KEY_LOCATION].p8" --key-id "[KEYID]" --issuer "[ISSUERID]" --wait # Staple the notarization ticket to the DMG xcrun stapler staple "$BUILD_DIR/$DMG_NAME" # Verify the notarization xcrun stapler validate "$BUILD_DIR/$DMG_NAME" After a 20 hour wait, I get the following back from the notarization service: id: 41931e00-2f34-4389-b5e1-fd76707c2162 status: Invalid Processing: [PATH]/[APP].dmg CloudKit query for [APP].dmg (2/a428f96446e143497380c0ae1f2b70661050aed6) failed due to "Record not found". Could not find base64 encoded ticket in response for 2/a428f96446e143497380c0ae1f2b70661050aed6 The staple and validate action failed! Error 65. Processing: [PATH]/[APP].dmg FotoLabAI.dmg does not have a ticket stapled to it. On a seperate submission, I noticed something about a note about audit.log not being found, but I can't find a reference to this on Google. So far as I understand, this is the file that is supposed to help me debug notarization errors. Normally I'd try more debugging myself, but I can't afford to wait 24h for feedback.

Hello. Last night, I was working on notarizing my macOS application. It succeeded for the first several requests, where I was submitting zipped applications. Then I tried to notarize a .pkg file. It has been in progress for 9+ hours, and the subsequent requests seem to be all waiting. Is there anything wrong with the notary service now? Is it true that subsequent requests will not proceed until the previous request is finished? Here's the log: createdDate: 2024-10-03T14:39:48.607Z id: 9739a538-1426-4036-971d-850f202306e0 name: <Redacted> status: In Progress -------------------------------------------------- createdDate: 2024-10-03T14:34:17.276Z id: c12e54d8-f362-4301-b099-ffcd51c27a91 name: <Redacted> status: In Progress -------------------------------------------------- createdDate: 2024-10-03T14:28:43.293Z id: 9a5b5c6b-37af-4761-944c-8ada884f6714 name: <Redacted> status: In Progress -------------------------------------------------- createdDate: 2024-10-03T13:56:35.675Z id: 32d46395-c5e3-4af5-9e02-01c1d8ae4865 name: <Redacted> status: In Progress -------------------------------------------------- createdDate: 2024-10-03T05:08:17.658Z id: 2c042894-79c8-4cc9-ab2b-a08920158023 name: <Redacted> status: In Progress

Hello, builds we've submitted for notarization have been stuck in the In-Progress stage for a while now. The process has taken less than 10 minutes in the past. The latest of which is id: 86916f85-b82f-4a95-982b-1232387a92e1. We haven't made any stark changes so we're not clear on what the issue is. Is the best way forward to submit a support ticket?

Here is the situation: We are shipping an application bundle which is submitted to the notarization service for approval. The application bundle adheres to the notarization standards and is approved. Problem: We need to ship a zip file inside this application. This zip file has all the files that are signed. Most of the files are signed by us. However there are some 3P zip files which are not signed by us. We would rather not open these 3P zip files as there might be SLAs involved here. As a result we end up with a zip file which contains mixed signatures. This zip file needs to be part of that application that needs to be notarized. Question: What is the best way to do this in order for the notarization service to approve the application and ship the zip file as part of the application? Note: We don't know if all the files inside the 3P zips are correctly signed (example: With Hardened Runtime). They are all signed though Also, when the zip files contents are laid out onto the customer machine, they are all signed and validated. However, some files might not have hardened runtime. Thanks in advance.

Hello, We use GitHub actions to build, sign and notarize our app. Everything was working fine, but lately the notarization has been failing almost every time. Only about 10% of attempts are successful. We haven't made any changes to the signing and notarizing processes. Here is command we use xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt Here is the error /Users/runner/work/_temp/c0b6c8e4-86d1-4307-af86-43666fcf39c7.sh: line 1: 3158 Bus error: 10 xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt

I'm trying to store credentials on my keychange by doing this: xcrun notarytool store-credentials --apple-id APPLE-ID --team-id TEAM-ID I then I'm asked for a profile name, and the the App-specific password for my apple-id. This is when I'm getting an error: "Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.". Now, I've generated the app specific pw by logging in here: https://account.apple.com/ but when I login to my Developers account, I do it here: https://developer.apple.com/account/ I've signed up for the "$99 a year"-program. Is there a problem that I've created the pw on what looks like my "private" page and not my "developer" page?

Hi, I have built a MacOS application that I intend to distribute directly. I have created a disk image and code-signed successfully with the following response. xcrun notarytool info --apple-id "" --password "" --team-id "" I have also submitted the app for notarisation which says it's accepted. equipp@equipps-MacBook-Pro dist % xcrun notarytool submit SendFiles.dmg --keychain-profile "Sendfiles-Notarisation" --wait Conducting pre-submission checks for SendFiles.dmg and initiating connection to the Apple notary service... Submission ID received id: a2941225-b036-47b3-a010-547b0dce6a1a Upload progress: 100.00% (79.0 MB of 79.0 MB) Successfully uploaded file id: a2941225-b036-47b3-a010-547b0dce6a1a path: /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg Waiting for processing to complete. Current status: Accepted................ Processing complete id: a2941225-b036-47b3-a010-547b0dce6a1a status: Accepted When I run the application on a clean mac, I am still getting the error that this application is from an unidentified developer and might contain malware.(There's internet connection) However, when I try to staple the application, I am getting an error 65. Unsure what's going wrong with the notarisation. equipp@equipps-MacBook-Pro dist % xcrun stapler staple SendFiles.dmg Processing: /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg Could not validate ticket for /Users/equipp/Documents/GitHub/sendfiles/dist/SendFiles.dmg The staple and validate action failed! Error 65. equipp@equipps-MacBook-Pro dist % Can you please help?

Hi, I have been notarizing my code for several years with the same procedure, but today I have the following message : Conducting pre-submission checks for FencingFox.zip and initiating connection to the Apple notary service... Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. CloudKit query for FencingFox.pkg (1/00a276f170785e1dcbfbd6873a00b9309672338b) failed due to "Record not found". Could not find base64 encoded ticket in response for 1/00a276f170785e1dcbfbd6873a00b9309672338b The staple and validate action failed! Error 65. I have changed my apple password and migrated to Sequoia. How should I investigate the issue ?

Hello. I am developing an electron app with vscode. And I have some problems while signing and notarizing. I signed it with electron-osx-sign command. Then I tried notarize using xcrun notarytool submit .zip --keychian-profile "NotaryCredential" --wait. but the result says it is invalid. so I show the notarize log. Below is the log file. It says some framework bundles are not signatured. Please check it and let me know what is the problem. Thank you. notarize log.txt

We've recently updated our build server to macOS 15.1.1 and ever since notarization sporadically fails. Notarytool says No Keychain password item found for profile: foo, even though that item is present. I found out it works when I either log in using Remote Desktop (don't need to do anything else, just login and wait) or when running security unlock-keychain via SSH (but that one's not persistent, either). We're using GitLab (via gitlab-runner on the build server) and so far notarization hasn't had much problems with the keychain. That started with macOS 15.1. Are there any changes in 15.1 that we need to be aware of to make this stable?

I just paid for 99$ a year and it's already 48hrs ago since I've paid. But when I click on my name it still says "Pending" and on the main landingpage on https://developer.apple.com/account it still says this "Purchase your membership. To continue your enrollment, complete your purchase now Your purchase may take up to 48 hours to process." Do I need a membership to codesign and notarising my VST plugins? Cause that'a what I bought it for.

I am developling a electron app, failed when notarize. I filled in 3 fields: appleId: my apple account email apple id password: I generated it from https://account.apple.com/account/manage/section/security, the "app-specific password" team id: I get it from https://developer.apple.com/account How can I fix it? Log: { "logFormatVersion": 1, "jobId": "7bedcb38-5ca7-4d69-be96-1bd660b67942", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "Samira.zip", "uploadDate": "2024-12-04T11:34:01.999Z", "sha256": "e9cea98493836dfd4c238a25e6d8dae31ed529ed353d4f8463313ee3d431c741", "ticketContents": null, "issues": null }