Hi devs! We are developing a plugin for Rhino3D for macOS therefore creating a dylib that our code uses. So far so good, with xcrun altool + xcrun stapler everything worked nice and dandy we notarized the dylib and stapled it all good before xcode 13. Now with the change in notarization we are migrating to xcrun notarytool and it works nicely and the dylib is notarized no problems but xcrun stapler refuse to staple the dylib. The man page tells us that the dylib is not a valid format to be stapled. Any suggestion on how to solve this problem? For reference this is what we do. /usr/bin/ditto -c -k --keepParent <dylib_path> <zipped_dylib> xcrun notarytool submit <zipped_dylib> --apple-id <myid> --password <password> --team-id <team_id> --wait xcrun stapler staple -v <dylib_path> Thanks a lot! Alberto

Hello, I would like to know the most appropriate and correct way to run a C program that relies on a third-party dylib that has already been notarized. I am developing a desktop app that will be published in the Mac App Store. However, when I try to run the C program as I did before notarization, I encounter the following error: dyld[13471]: Library not loaded: third-party.dylib Referenced from: <962ACED9-BC9C-3AF4-B350-EF0D8DC75C99> /path/to/c/program Reason: tried: ‘third-party.dylib' (relative path not allowed in hardened program), '/System/Volumes/Preboot/Cryptexes/OSthird-party.dylib' (no such file), 'third-party.dylib' (relative path not allowed in hardened program), '/usr/lib/third-party.dylib' (no such file, not in dyld cache). What are the alternatives for running the C program?

I distribute an application in a zip file from my website. the application needs access to some files next to it to run properly. The application is correctly signed and notarized and stapled.Of course if I download it from my website, it gets the quarantine attribute. When I try to open it for the first time, a gatekeeper warning saying that the application comes from the internet, but has been checked by apple and no malware has been detected is displayed. My impression is that the application has been correctly signed and notarized. but If confirm that I wan to open it, the quarantine attribute is not deleted. spctl -a -v /path/to/Myapp.app path/to/Myapp.app: accepted source=Notarized Developer ID

Hey everyone, I have knowledge of Python from data science background and a friend of mine wrote an app based on Python. This app was converted to binaries for windows, which works fine, and also to a macOS binary that runs fine from the command line, but I fail to make it double clickable. I now want to dive a little into app development for macOS to make this a real one click app with all these features like signing and notarizing (I am aware this requires an Apple developer account) and stuff. What I want to learn is some Xcode basics (GUI and command line) especially for building Python projects for arm64 and x86_64 and notarizing. Building C++ projects for arm64 and x86_64. Maybe some basic understanding of Object-C and Swift (no complete coding stuff, since I want to stick to Python). Is there a good course someone can recommend (doesn’t have to be free) that covers these topics so I don’t have to browse through a lot of online resources (which I will of course still have to do later)? Thanks everyone :).

I get this error when I try to upload my app to the notary service. Signing seems to work but not the upload phase. I have tried to close the app and also reboot the computer. The problem persists. Text: Couldn’t communicate with a helper application. OS: Mac Monterey (M1) XCode version: 14.2

Notarization step fails: New AppID and password created: xcrun notarytool submit “.dmg” --apple-id “” --team-id “” --password “” --verbose --wait Error: HTTP status code: 401. Your Apple ID has been locked. Visit iForgot to reset your account (https://iforgot.apple.com), then generate a new app-specific password. Ensure that all authentication arguments are correct. I have reset app password many times, not result. Codesigning completes normally: Mac OS 11.5.2 Xcode 13.2.1

Asset validation failed (90283) Invalid Provisioning Profile. The provisioning profile included in the bundle com.abc.mac [com.abc.mac.pkg/Payload/abc.app] is invalid. [Missing code-signing certificate.] For more information, visit the macOS Developer Portal. (ID: xxxxxxxx-e193-4623-8dbe-xxxxxxxxxxxx) I get the above error while uploading .pkg which is electron web app bundled through electron-bundler file through transporter for testFlight.

This is the command I use, but must migrate, to notarize a macOS app: xcrun altool --notarize-app -f "$outputDmg" --primary-bundle-id "$notarizeBundleId" -u "$notarizeUser" -p "@keychain:AC_PASSWORD" The migration docs I read implied that the following should work: xcrun notarytool submit --apple-id "$notarizeUser" "--team-id" $notarizeTeam --password "@keychain:AC_PASSWORD" "$outputDmg" But it doesn't. I can get it to work only if I put the password from the keychain on the command line. I cannot accept this. What can I do to make this work?

I publish a universal application built with Qt. When I run notarytool the application runs on Apple Silicon, but not on Intel Macs. It complains about a Qt framework not found. When I run "xcrun altool" on my older Mac the application runs on both platforms without problems.

i'm using quill 0.2.0 to sign and notarize an arm64 binary and I've been getting HTTP 400 error from the notarization server. Signing and notarization has worked without hiccups throughout this year, but last night after getting the error it ended up working without any changes to the certs or call to quill. This morning started getting the error again and only 1 of the 2 binaries were able to be signed with retries. Still getting this error on 1: <HTML><HEAD>\n<TITLE>Bad Request</TITLE>\n</HEAD><BODY>\n<H1>Bad Request</H1>\nYour browser sent a request that this server could not understand.<P>\nReference&#32;&#35;7&#46;4c822c17&#46;1692969095&#46;ec8f4c4b\n</BODY>\n</HTML>\n Is there a change being rolled out for the apple notarization service that requires a change on the client end? Or should this really be an http 500 error?

Hi people, I hope you could help me as I am stuck in a dead end. I am a developper for company and we are changing from altool to notarytool. Prior to that the code of the app has not been signed. So now what I do is: codesign --deep --force --verbose --timestamp --options runtime --sign "Developer ID Application: Phrase a.s. (${PHRASE_ID})" ${codesigne_app} The result of this operation is verified with codesign --deep --strict --vvv ${codesigne_app} which ends in a lot of --prepared and --validated lines with TranslationEditor.app: valid on disk TranslationEditor.app: satisfies its Designated Requirement Yet when I try to upload for notarization res=$(xcrun notarytool submit te-build/dist/app/TranslationEditor.app.zip --apple-id stepan.svoboda@memsource.com --password $APP_PASSWORD --team-id ${PHRASE_ID} --wait 2>&1) I get {   "logFormatVersion": 1,   "jobId": "2b959997-4ac5-4bc5-a220-8f46d6b91a9b",   "status": "Invalid",   "statusSummary": "Archive contains critical validation errors",   "statusCode": 4000,   "archiveFilename": "TranslationEditor.app.zip",   "uploadDate": "2023-08-29T05:53:39.152Z",   "sha256": "938633e08d17f1d658ada3987017a8e9bf5afee96e5f976b31809df5daf5677c",   "ticketContents": null,   "issues": [     {       "severity": "error",       "code": null,       "path": "TranslationEditor.app.zip/TranslationEditor.app/Contents/MacOS/TranslationEditor",       "message": "The signature of the binary is invalid.",       "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735",       "architecture": "x86_64"     }   ] } I visited the link, tried to google, ChatGPT about it. Tried to verify the codesign ... Do you know how I can learn why it is signature of the binary is invalid? Maybe to get some more detailed log? Something the hints on what was deemed invalid? How I can debug that? How I can learn what is wrong? I am short on ideas.

{ "logFormatVersion": 1, "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "ticketContents": null, "issues": null } I've tried notarizing my electron app but I get this error all the time. I've contacted Apple Developer Technical Team but I've been redirected to Developer Programs Support. I've asked them to approve the Team for notarization and they've redirected me back to Technical Team and said that the Team is not approved for notarization, which I know already from the logs error. I've watched every topic related to this Team is not yet configured for notarization issue, like : https://developer.apple.com/forums/thread/118465 But it didn't helped much, because I suppose it's something that the Developer Programs Support needs to approve. My Team seems configured in App Connect, everything seems to be in place, I've accepted all the agreements, don't know what else to accept or do for Team to be approved, I didn't receive next steps from the Apple Developer Program Support Team. It's been 2 months since I'm trying to notarize and the deadline is coming, so please if anybody can help out to fix this. Thank you

I'm trying to notarize a simple Electron app (packaged with electron-forge, zip size: 150MB) using new notarytool. When submitting the bundle it hangs on IN PROGRESS for more than 20 hours with no result yet. I verified the app is signed. Anybody has an idea what's wrong? notarytool version: 1.0.0 (28)

Hello, I have a valid developer ID downloaded from Apple. I signed the code (compiled exe file for intel Macs) and put it into a ZIP, which I also signed. While signing I use timestamp and hardener option: codesign -s "$LbaDevID" -o runtime -f --timestamp $conFile3 codesign -s "$LbaDevID" -o runtime -f --timestamp $conZip3 where variable $LbaDevID represent my Dev code id (VALID, downloaded from Apple after request cert; and $conFile3 the path to the exe file and $conZip3 the path to the ZIP (just $conFile3 zipped) I attempt to notarize using the following command: xcrun notarytool submit $compZip3 --keychain-profile "TestAppNotarz" --wait the reply Log downloaded says: Invalid dev ID (which is valid) no timestamp... I corrected this error after the 1st attempt but the reply says exactly the same, even when I can see "TIMESTAMP" in the signature. The third and last error refers to the runtime, which is present but not being seen. Any help on how to troubleshoot this issue will be highly appreciated! Please point me to the relevant documentation to solve this issue...

I seems like a pretty common issue but i'll make a post about it specifically for what i'm seeing. Its my first time notarizing an app so maybe its something in my config, but i'm not seeing any errors. For simplicity I cloned, built and signed the sample Electron Forge app following the steps on https://www.electronforge.io/ "Getting Started". The build zip is 90MB so its not that large. My production application will be DMG, but even that is stuck (Maybe because the zips before it are currently stuck) Trying to manually notarize via notarytool just hangs. I used xcrun notarytool submit <Package> --keychain-profile "NotaryProfile" --wait Running xcrun notarytool history --keychain-profile "NotaryProfile" outputs the following. createdDate: 2023-09-06T14:49:59.810Z id: 838c0903-d136-4241-be98-174152a7e3cf name: my-new-app.zip status: In Progress -------------------------------------------------- createdDate: 2023-09-06T14:31:08.880Z id: 1ce6ef46-8b09-4b20-9f61-81292b2dcbb9 name: my-new-app.zip status: In Progress -------------------------------------------------- createdDate: 2023-09-06T14:10:23.726Z id: 71bc9206-036e-46c7-aadf-6bfaa4097743 name: my-new-app.zip status: In Progress -------------------------------------------------- createdDate: 2023-09-06T13:54:35.527Z id: 7c7fd365-1f08-48c6-a314-3a1809019f9c name: my-new-app.zip status: In Progress Its been about 7 hours since my first attempt. I tried to pull logs by calling xcrun notarytool log --keychain-profile "NotaryProfile" aa6e9df3-ef62-4058-8bcc-683f015b412a but it seems like non exist yet. Submission log is not yet available or submissionId does not exist id: aa6e9df3-ef62-4058-8bcc-683f015b412a Not sure whats going on, but its pretty far off from the time estimate of 5 - 45 minutes. Any help is appreciated. NotaryTool version is 1.0.0 (28)