I have put my application for notarization and it's been more than 2 hours and it still shows in Progress to me. Is there any issue or way to notarize faster ?
Notarization
RSS for tagNotarization is the process of scanning Developer ID-signed software for malicious components before distribution outside of the Mac App Store.
Post
Replies
Boosts
Views
Activity
TL;DR - What have I messed up on this notarization workflow? I'm completely new to Apple development.
I have been trying to notarize an application I have written, that is then packaged as a .dmg.
I am trying to notarize it using the command line tools (as it is an existing app, and not written in Xcode/Swift).
My steps so far are as follows:
All libraries, frameworks, and other executables have been signed (.dylib, .so etc.). I have avoided using --deep as I understand this is not recommended.
The above includes all similar files included within zip archives (the cross platform framework I use places some inside a zip container). I have unzipped, signed, and rezipped.
I have signed the main executable within "[NAME].app/MacOS" and the "[NAME].app" with an .entitlements file, and a certificate.
codesign --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" --timestamp --force --entitlements "$APP_NAME.entitlements" "$BUILD_DIR/$APP_NAME.app/Contents/MacOS/$APP_NAME"
codesign --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" --options runtime --entitlements "$APP_NAME.entitlements" "$BUILD_DIR/$APP_NAME.app" --force --timestamp
echo "Checking for unsigned components..."
codesign --verify --deep --verbose=4 "$BUILD_DIR/$APP_NAME.app"
echo "Verifying entitlements..."
codesign --display --entitlements :- "$BUILD_DIR/$APP_NAME.app"
Both of the above checks come back as ok.
Then, I have the following script lines which package the app as a .dmg and submit it to notarisation.
hdiutil create -volname "$APP_NAME" -srcfolder $BUILD_DIR/$APP_NAME.app" -ov -format UDZO "$BUILD_DIR/$DMG_NAME"
# Sign the DMG
codesign --force --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" "$BUILD_DIR/$DMG_NAME"
# Notarize the DMG
xcrun notarytool submit "$BUILD_DIR/$DMG_NAME" --key "[AUTH_KEY_LOCATION].p8" --key-id "[KEYID]" --issuer "[ISSUERID]" --wait
# Staple the notarization ticket to the DMG
xcrun stapler staple "$BUILD_DIR/$DMG_NAME"
# Verify the notarization
xcrun stapler validate "$BUILD_DIR/$DMG_NAME"
After a 20 hour wait, I get the following back from the notarization service:
id: 41931e00-2f34-4389-b5e1-fd76707c2162
status: Invalid
Processing: [PATH]/[APP].dmg
CloudKit query for [APP].dmg (2/a428f96446e143497380c0ae1f2b70661050aed6) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/a428f96446e143497380c0ae1f2b70661050aed6
The staple and validate action failed! Error 65.
Processing: [PATH]/[APP].dmg
FotoLabAI.dmg does not have a ticket stapled to it.
On a seperate submission, I noticed something about a note about audit.log not being found, but I can't find a reference to this on Google. So far as I understand, this is the file that is supposed to help me debug notarization errors.
Normally I'd try more debugging myself, but I can't afford to wait 24h for feedback.
Hello,
I'm currently facing issues with the notarization process for my macOS app, which has been in progress for several days without completion. I’ve submitted multiple builds over the past few days, but they all remain stuck in "In Progress" status.
{
"message": "Successfully received submission history.",
"history": [
{
"status": "In Progress",
"id": "3bab3c0e-203d-4d66-87e5-e9c46e366a6c",
"name": "Offer鸡.zip",
"createdDate": "2024-09-29T19:20:39.240Z"
},
{
"createdDate": "2024-09-29T18:28:08.522Z",
"status": "In Progress",
"name": "Offer鸡.zip",
"id": "9bb19fae-e7c2-485b-90c5-7158a1639225"
},
{
"createdDate": "2024-09-29T12:31:52.458Z",
"name": "Offer鸡.zip",
"id": "ff0ec784-7014-412e-9e42-30feae65b546",
"status": "In Progress"
},
{
"status": "In Progress",
"id": "4be0d351-e3db-43cb-a2ce-71ebdecd623a",
"createdDate": "2024-09-29T05:39:23.409Z",
"name": "Offer鸡.zip"
},
{
"status": "In Progress",
"createdDate": "2024-09-28T18:15:00.601Z",
"name": "Offer鸡.zip",
"id": "2a4947e0-3a4b-45e0-832a-723fdf221cbf"
},
{
"id": "e50fbd60-8448-4f12-8539-22dcf24caee5",
"name": "offerji.zip",
"createdDate": "2024-09-27T07:47:50.919Z",
"status": "In Progress"
},
{
"createdDate": "2024-09-26T21:45:10.596Z",
"name": "offerji.zip",
"status": "Rejected",
"id": "fc3490e9-3ff5-49f8-a08a-5bfac7cca81d"
},
{
"createdDate": "2024-09-26T06:59:51.950Z",
"id": "d003f48c-01ec-48f7-89e0-8b8f5ad700bd",
"name": "offerji.zip",
"status": "Invalid"
}
]
}
I also encountered two previous submission failures:
offerji.zip (submitted on 2024-09-26 at 21:45) - Rejected
offerji.zip (submitted on 2024-09-26 at 06:59) - Invalid
Could anyone provide insight into what might have caused the earlier failures? And is it common for notarization to take this long? Any advice on how to expedite or resolve this issue would be greatly appreciated!
Thanks in advance for your help.
Hello,I have been using Apple’s notarization services for some time, but for some reason, it has been failing for the last two days.
Please find the command and it's output.
Conducting pre-submission checks for Espressif-IDE-macosx-cocoa-aarch64.dmg and initiating connection to the Apple notary service...
Submission ID received
id: bde93f95-4208-45c2-b238-1bcf629648c7
Error: abortedUpload(resumeRequest: SotoS3.S3.ResumeMultipartUploadRequest(uploadRequest: SotoS3.S3.CreateMultipartUploadRequest(acl: nil, bucket: "notary-submissions-prod", bucketKeyEnabled: nil, cacheControl: nil, contentDisposition: nil, contentEncoding: nil, contentLanguage: nil, contentType: nil, expectedBucketOwner: nil, _expires: SotoCore.OptionalCustomCoding<SotoCore.HTTPHeaderDateCoder>(value: nil), grantFullControl: nil, grantRead: nil, grantReadACP: nil, grantWriteACP: nil, key: "prod/AROARQRX7CZS3PRF6ZA5L:bde93f95-4208-45c2-b238-1bcf629648c7", metadata: nil, objectLockLegalHoldStatus: nil, objectLockMode: nil, _objectLockRetainUntilDate: SotoCore.OptionalCustomCoding<SotoCore.ISO8601DateCoder>(value: nil), requestPayer: nil, serverSideEncryption: nil, sSECustomerAlgorithm: nil, sSECustomerKey: nil, sSECustomerKeyMD5: nil, sSEKMSEncryptionContext: nil, sSEKMSKeyId: nil, storageClass: nil, tagging: nil, websiteRedirectLocation: nil), uploadId: "C18xItDUHLkciEHQt_ctoMujceWSoVDz6_V8GRjSPhb2JI4YghXecKH3AVdBVKfTiPXInPr_TbF1aIfWJVKGkuIPtmKm6yzybc1mXTJDWlO.306kjAf5sNxO2H5ksNuy6Jqluc9gXAt3FFJKJZrf1CO3g_mIdfwGNUvQsAP3NpyoOWyDX6E4Ti36IdEZrlOj", completedParts: [SotoS3.S3.CompletedPart(eTag: Optional("\"089a88c4fb3c6844234dc2a89c027da7\""), partNumber: Optional(1)), SotoS3.S3.CompletedPart(eTag: Optional("\"e0e74de26a56733b7a1a5dd48e1f4184\""), partNumber: Optional(2))]), error: The operation couldn’t be completed. (Network.NWError error 54 - Connection reset by peer))
[log.txt](https://developer.apple.com/forums/content/attachment/ccc54854-9f87-4b44-bcac-8fd5efb53e81)
Hello. Last night, I was working on notarizing my macOS application. It succeeded for the first several requests, where I was submitting zipped applications. Then I tried to notarize a .pkg file. It has been in progress for 9+ hours, and the subsequent requests seem to be all waiting. Is there anything wrong with the notary service now? Is it true that subsequent requests will not proceed until the previous request is finished?
Here's the log:
createdDate: 2024-10-03T14:39:48.607Z
id: 9739a538-1426-4036-971d-850f202306e0
name: <Redacted>
status: In Progress
--------------------------------------------------
createdDate: 2024-10-03T14:34:17.276Z
id: c12e54d8-f362-4301-b099-ffcd51c27a91
name: <Redacted>
status: In Progress
--------------------------------------------------
createdDate: 2024-10-03T14:28:43.293Z
id: 9a5b5c6b-37af-4761-944c-8ada884f6714
name: <Redacted>
status: In Progress
--------------------------------------------------
createdDate: 2024-10-03T13:56:35.675Z
id: 32d46395-c5e3-4af5-9e02-01c1d8ae4865
name: <Redacted>
status: In Progress
--------------------------------------------------
createdDate: 2024-10-03T05:08:17.658Z
id: 2c042894-79c8-4cc9-ab2b-a08920158023
name: <Redacted>
status: In Progress
Hello, builds we've submitted for notarization have been stuck in the In-Progress stage for a while now. The process has taken less than 10 minutes in the past.
The latest of which is id: 86916f85-b82f-4a95-982b-1232387a92e1.
We haven't made any stark changes so we're not clear on what the issue is. Is the best way forward to submit a support ticket?
Several hours ago I've uploaded my simple Xcode Storyboard App on Apple Notarization Service. The upload process worked successfully and I could check the notarization status via xcrun notarytool info command.
And a few minutes ago, I've met a following error when I execute the xcrun notarytool info command for checking the status of notarization:
Error: internalError(statusCode: Optional(500), strData: nil, jsonData: Optional(["statusCode": 500, "errors": <__NSSingleObjectArrayI 0x600001d58ed0>(
{
code = "UNEXPECTED_ERROR";
detail = "<null>";
id = ISDIE4GVHVXLMO24V7L5LFUHXM;
links = "<null>";
status = 500;
title = "Uncaught server exception";
}
How can I fix this error?
Hello Apple Developer Community,
I've been working on notarizing my macOS application, Deep Focus, built using Electron, but I'm encountering persistent issues with binary signatures being reported as invalid during the notarization process.
I followed Apple's notarization documentation and ensured that all necessary configurations are in place, but I'm still seeing multiple "Invalid" errors in the notarization log.
Here’s the process I've followed so far:
1. System and Tools Setup:
macOS version: Apple M1 Pro Sonoma 14.5
macOS SDK: macOS 15.0
Xcode version: Version 16.0 (16A242d)
(Using VSCode instead of XCode since this is an Electron /JavaScript project.)
Link to source code for inspection
2. Notarization Process:
Successfully stored credentials in Keychain using xcrun notarytool store-credentials.
Signed all app components, including frameworks, using the command:
for framework in "dist/Deep Focus-darwin-arm64/Deep Focus.app/Contents/Frameworks/"*.framework; do
codesign --force --deep --options runtime --timestamp --sign "Developer ID Application: Timeo Williams (3Y4F3KTSJA)" "$framework"
done
Verified that Hardened Runtime is enabled and included the required entitlements.
3. Verification:
Checked code signatures with codesign -vvv --deep --strict Deep Focus.app, which returned valid results for all components.
Verified the presence of the _CodeSignature directory for each framework and confirmed proper entitlements using:
codesign -d --entitlements - Deep Focus.app
4. Notarization Submission
Compressed the app into a .zip file and submitted it with xcrun notarytool submit --keychain-profile "notary" --wait.
Although the notarization log provided detailed error messages, it still reported the following issues:
"The signature of the binary is invalid" for several frameworks, including Electron, ReactiveObjC, and Mantle.
{
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"issues": [
{
"path": "Deep Focus.zip/Deep Focus.app/Contents/Frameworks/Electron Framework.framework/Electron Framework",
"message": "The signature of the binary is invalid.",
"architecture": "arm64"
},
...
]
}
I've double-checked the signing process and attempted re-signing the frameworks, but the notarization continues to fail due to these invalid signatures. I’m not sure what’s causing the _CodeSignature file to be missing for some frameworks even after signing.
[I also installed the Signet app to test verification.
My Questions:
What could be causing the binary signatures to be reported as invalid during notarization, despite the app satisfying its designated requirements according to codesign?
Is there a specific way I should be handling Electron-based apps for macOS notarization that differs from standard macOS apps?
Could the issue be related to the use of ARM64 architecture, and are there any additional steps required for signing on ARM-based systems?
Are there any known compatibility issues with frameworks like ReactiveObjC, Mantle, or Squirrel that could affect the notarization process?
Any guidance or troubleshooting steps would be greatly appreciated. Thank you in advance!
I am packaging an app with QtWebEngine in it, after codesign the app and the QtWebEngine Framework, the app can run properly.
The codesign result is:
valid on disk
staisfies its Designated requirements
Then I notarized and stapled the dmg file, after the dmg installed on Mac, gatekeeper still failed the check.
Here is the result for spctl:
spctl -a -t open -vvv --context context:primary-signatue Remote\ Graphics\ Workstation_.dmg
Remote Graphics Workstation_.dmg: rejected
source=Insufficient Context
Need help to identify the codesign process and the root cause why gatekeeper fail here, thanks.
Here is the situation:
We are shipping an application bundle which is submitted to the notarization service for approval.
The application bundle adheres to the notarization standards and is approved.
Problem: We need to ship a zip file inside this application. This zip file has all the files that are signed. Most of the files are signed by us. However there are some 3P zip files which are not signed by us. We would rather not open these 3P zip files as there might be SLAs involved here.
As a result we end up with a zip file which contains mixed signatures. This zip file needs to be part of that application that needs to be notarized.
Question: What is the best way to do this in order for the notarization service to approve the application and ship the zip file as part of the application? Note: We don't know if all the files inside the 3P zips are correctly signed (example: With Hardened Runtime). They are all signed though
Also, when the zip files contents are laid out onto the customer machine, they are all signed and validated. However, some files might not have hardened runtime.
Thanks in advance.
Hello,
We use GitHub actions to build, sign and notarize our app. Everything was working fine, but lately the notarization has been failing almost every time. Only about 10% of attempts are successful. We haven't made any changes to the signing and notarizing processes.
Here is command we use
xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt
Here is the error
/Users/runner/work/_temp/c0b6c8e4-86d1-4307-af86-43666fcf39c7.sh: line 1: 3158 Bus error: 10 xcrun notarytool submit app.zip --wait --apple-id *** --team-id *** --password *** > notarization_output.txt