Yes, you are correct, I am using altool. I will switch to notarytool. I have been getting the --notarization-info, but it's not very enlightening:
{
"logFormatVersion": 1,
"jobId": "8863eb65-048a-4cf8-b713-02520a396a11",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "MyPackage.pkg",
"uploadDate": "2022-02-06T22:42:56Z",
"sha256": "95f1dc7b8a7f83ac954bc4a41909d339f552c56db3c53ac43270e15bf347e135",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "MyPackage.pkg Contents/Payload/Applications/MyApp.app/Contents/MacOS/name-of-executable",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": "MyPackage.pkg/Contents/Payload/Applications/MyApp.app/Contents/Helpers/a-dll.app/Contents/MacOS/a-dll",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
Post
Replies
Boosts
Views
Activity
I'm using macOS 10.15 (Catalina), so I can develop and reach back to as many users as possible.
I am using XCode 12.1. Apparently notarytool is not compatible with XCode 12.1, and I have to continue using altool?
So, I still have a problem. I have displayed the log returned from LogFileURL (see above), but there is no useful information. Why is codesign saying my binary is signed correctly, but Notarization says nay-nay?
I tried upgrading to the latest XCode, but the App Store tells me it's not compatible with my version of macOS.
What next?
Thank you for your patience and expertise. Some clarifications are in order.
[1] Backwards compatibility
My app has been running on Windows since 1995. Last year we converted it to Qt in order to run on macOS as well. We sell to consumers, who sometimes cling to older version of macOS (eg. 10.12). In order to serve this market, we currently use Qt 5.12, which wants to run on macOS 10.15 at the latest. We will move forward as soon as we think we're not leaving too many customers behind. The binary executables created with Qt run on macOS 11 and 12.
[2] notarytool and Xcode 13
I tried to upgrade from Xcode 12 to Xcode 13, and it said that Xcode 13 was not compatible with my version of macOS (10.15). Is there a different way to do it?
[3] codesign
I have run codesign -v -vvv --deep --strict /path/to/MyApp.app on my app. Every component says "validated", and the final diagnosis is:
/path/to/MyAppMyApp.app: valid on disk
/path/to/MyApp.app: satisfies its Designated Requirement
Is it necessary to unpack the app in order to validate it with codesign? Can I not run codesign directly on the .app file?
So, why is the signature OK in the local copy, but fails in the cloud?
OK, we found the problem. In the Packages project, it seems we added the App as a folder instead of a bundle. We are still using altool for now.
Why did this work for months before we started getting errors? Did Apple change its validation algorithm?
I wish Apple invested as much effort in its Notarization error diagnostic messages, as it does in its vaunted user interface. This is the antithesis of "user-friendly".
Anyway, thanks again for your help and patience.
OK, we finally got this working. Of course I don't expect you to advise on third-party apps. I just wish the Apple programmers had spent a little bit more effort on displaying more detailed, informative error messages. What we see is second-rate.
Thank you again for your help.
Thanks for your reply.
What constitutes a "bundle"? My .PKG includes 750 files, located in 87 directories nested five deep. There are .APPs withih the .APP.
I have read "Placing content in a bundle", it leaves me confused.
Herewith is the directory structure of the .APP. Where do I draw the line for a bundle?
./Frameworks
./Frameworks/QtCore.framework
./Frameworks/QtCore.framework/Versions
./Frameworks/QtCore.framework/Versions/5
./Frameworks/QtCore.framework/Versions/5/Resources
./Frameworks/QtCore.framework/Versions/5/_CodeSignature
./Frameworks/QtDBus.framework
./Frameworks/QtDBus.framework/Versions
./Frameworks/QtDBus.framework/Versions/5
./Frameworks/QtDBus.framework/Versions/5/Resources
./Frameworks/QtDBus.framework/Versions/5/_CodeSignature
./Frameworks/QtGui.framework
./Frameworks/QtGui.framework/Versions
./Frameworks/QtGui.framework/Versions/5
./Frameworks/QtGui.framework/Versions/5/Resources
./Frameworks/QtGui.framework/Versions/5/_CodeSignature
./Frameworks/QtHelp.framework
./Frameworks/QtHelp.framework/Versions
./Frameworks/QtHelp.framework/Versions/5
./Frameworks/QtHelp.framework/Versions/5/Resources
./Frameworks/QtHelp.framework/Versions/5/_CodeSignature
./Frameworks/QtNetwork.framework
./Frameworks/QtNetwork.framework/Versions
./Frameworks/QtNetwork.framework/Versions/5
./Frameworks/QtNetwork.framework/Versions/5/Resources
./Frameworks/QtNetwork.framework/Versions/5/_CodeSignature
./Frameworks/QtPrintSupport.framework
./Frameworks/QtPrintSupport.framework/Versions
./Frameworks/QtPrintSupport.framework/Versions/5
./Frameworks/QtPrintSupport.framework/Versions/5/Resources
./Frameworks/QtPrintSupport.framework/Versions/5/_CodeSignature
./Frameworks/QtSql.framework
./Frameworks/QtSql.framework/Versions
./Frameworks/QtSql.framework/Versions/5
./Frameworks/QtSql.framework/Versions/5/Resources
./Frameworks/QtSql.framework/Versions/5/_CodeSignature
./Frameworks/QtSvg.framework
./Frameworks/QtSvg.framework/Versions
./Frameworks/QtSvg.framework/Versions/5
./Frameworks/QtSvg.framework/Versions/5/Resources
./Frameworks/QtSvg.framework/Versions/5/_CodeSignature
./Frameworks/QtWidgets.framework
./Frameworks/QtWidgets.framework/Versions
./Frameworks/QtWidgets.framework/Versions/5
./Frameworks/QtWidgets.framework/Versions/5/Resources
./Frameworks/QtWidgets.framework/Versions/5/_CodeSignature
./Frameworks/QtXml.framework
./Frameworks/QtXml.framework/Versions
./Frameworks/QtXml.framework/Versions/5
./Frameworks/QtXml.framework/Versions/5/Resources
./Frameworks/QtXml.framework/Versions/5/_CodeSignature
./Helpers
./Helpers/tp5.app
./Helpers/tp5.app/Contents
./Helpers/tp5.app/Contents/FtmSdk
./Helpers/tp5.app/Contents/FtmSdk/en
./Helpers/tp5.app/Contents/MacOS
./Helpers/tp5.app/Contents/MonoBundle
./Helpers/tp5.app/Contents/MonoBundle/en
./Helpers/tp5.app/Contents/Resources
./Helpers/tp5.app/Contents/Resources/Main.storyboardc
./Helpers/tp5.app/Contents/Resources/Main.storyboardc/MainMenu.nib
./Helpers/tp5.app/Contents/_CodeSignature
./Helpers/tp5_2024.app
./Helpers/tp5_2024.app/Contents
./Helpers/tp5_2024.app/Contents/FtmSdk
./Helpers/tp5_2024.app/Contents/FtmSdk/en
./Helpers/tp5_2024.app/Contents/MacOS
./Helpers/tp5_2024.app/Contents/MonoBundle
./Helpers/tp5_2024.app/Contents/MonoBundle/en
./Helpers/tp5_2024.app/Contents/Resources
./Helpers/tp5_2024.app/Contents/Resources/Main.storyboardc
./Helpers/tp5_2024.app/Contents/_CodeSignature
./MacOS
./Plugins
./Plugins/bearer
./Plugins/imageformats
./Plugins/platforms
./Plugins/printsupport
./Plugins/sqldrivers
./Plugins/styles
./Resources
./Resources/CC_Qt skins
./Resources/Help
./Resources/borders
./Resources/borders/borders
./_CodeSignature
OK, thanks very much for your help.
I found my problem: my .app file was stored on an NTFS (Bootcamp) partition. The notarization was failing, in spite of successfully being signed for years. Surprise!
Copying it to a regular Mac drive enables it to be notarize successfully.
Three weeks I'll never get back.