I have an app built using python with pyinstaller. I was able to successfully get the app notarized and open it on my computer as well as a different one (OS 11.6.1). I can also get the pkg successfully notarized, but when I attempt to launch it on my own computer (or a different one), an error box immediately appears stating "There was an error reading the package" along with "JavaScriptError." I looked at the log file corresponding to the notarization, and I saw no error messages or warnings. Neither "java" nor "javascript" appear anywhere. This was not a problem for me a couple weeks ago when using a slightly different version of my program. Is there a different log file of some type, associated with javascript, that might shed light on the problem? Update: I did just try to check whether package passed the gatekeeper test by typing spctl -a '/Users/..../application.pkg' at the terminal, which returned "rejected"

I've only started to learn about the notarization process within the past eight months. About every three weeks or so, after I've added features to a piece of software I'm writing, I check to make sure I can still get it notarized. Everything worked fine until today. My workflow is the following (I'm running Mac 11.6.1) My program is written in python using tkinter and converted to an .app using pyinstaller. It runs fine on my own machine. I'm not using XCode. Build the package: productbuild --component Desktop/dist/my_app.app Desktop/my_app.pkg Product sign the package: productsign --force --deep --sign 'Developer ID Installer: MyName (XXXXXX7RBW)' /Users/Desktop/my_app.pkg /UsersDesktop/my_app_signed.pkg Check that code is signed. pkgutil --check-signature Desktop/my_app_signed.pkg Obtain an app specific password by visiting https://appleid.apple.com/account/manage Submit for notarization: xcrun altool --notarize-app -f Desktop/my_app_signed.pkg --primary-bundle-id XXXXXX7RBW -u my_email_address -p' @keychain: Developer ID Installer: MyName (XXXXXX7RBW) Enter my app specific password when instructed to do so. When things worked fine a few weeks ago, there was an extra step before completing step (2): For some reason I had problems signing and notarizing up to that time due to directory names containing periods. These were located in PyQt5 within the application bundle. I deleted these folders, notarization worked, and my program ran fine on a different Mac. Now the notarization fails due to several executables inside Contents/MacOS/ , such as QtDesigner, QtMacExtras, QtNetwork, and a few others starting with Qt. One exception consists of the dylib file libz.1.2.11.dylib. The log yields the typical "lack of a valid time-stamp" or "lack of valid developer IT certificate" messages. The only real difference in my package since I had it last notarized three weeks ago is that it now utilizes a python module, netgraph, which is likely using aspects of PyQt. So, I'm seeking advice for how to address this error. Am I correct that I will need to sign the problem executables individually? If so, what is the correct way to do so. For example, instead of creating my package and product signing, should I code sign the individual problem executables and then package them with the app? Thanks

I've created a package from an app using productbuild and signed it using productsign --sign 'Developer ID Installer: MyName (XXXXXX7RBW)' /Users/Desktop/my_app.pkg /Users/Desktop/my_app_signed.pkg I then checked the signature via pkgutil --check-signature /Users/Desktop/my_appsigned.pkg I uploaded the package for notarization, which subsequently failed. The error log indicated two binaries were not signed with a valid developer ID certificate. The names were QtWebSockets and QtQmlModels. While I've encountered similar obstacles in the past, they usually arose when folder names contained periods. I simply deleted the folders from the package, which seemed to have no effect on its functionality. This error is altogether new for me though.

In my keychain I have my developer ID listed under "Name" as Developer ID Installer: My Name (XXXXXX7RBW), where I've replaced the first six digits with XXXXXX I then built my package using productbuild --sign 'Developer ID Installer: MyName (XXXXXX7RBW)' --component '/Users/Desktop/dist/main_app.app' /Applications /Users/Desktop/dist/main_app.pkg The package appeared where it should, so I then proceeded to the signing: productsign --sign 'Developer ID Installer: MyName (XXXXXX7RBW)' /Users/Desktop/dist/main_app.pkg /Users/Desktop/dist/main_app_signed.pkg Everthing seemed to proceed smoothly, and I observed main_app_signed.pkg appeared where it should. The uploading is where I'm a bit confused: xcrun altool --notarize-app -f /Users/Desktop/dist/main_app_signed.pkg --primary-bundle-id XXXXXX7RBW -u myemail-p'@keychain:Developer ID Application: MyName (XXXXXX7RBW)' I was then asked for my password. I assume this is my Apple developer's, which I entered. The error message stated, "Unable to upload your app for notarization. Failed to get authorization for username 'myemail' and password." What am I missing here?

I'm fairly new to the process of notarizing apps and have created a program using Python and Pyinstaller. I’m able to upload the zip file to Apple for notarization via the command xcrun altool --notarize-app -f /Users/Desktop/dist/myapp.zip --primary-bundle-id ######7RBW -u my_emailaddress-p '@keychain:Python Notarization' where ###### denotes the first six characters of my Developer ID Application and "Python Notarization" is the name of my Developer ID listed on my keychain. (I don’t understand what each portion of the above command does, but it seems to work.) I’m also able to run the notarized program on a different computer. Now I wish to sign and notarize the installer package. I added a 3rd Party Mac Developer Installer certificate to my keychain. (Its ID number is the same as the developer one.) The keychain indicates the certificate is “trusted for this account.” To sign the package I tried using productsign --sign 'My Name (######7RBW)' /Users/Desktop/dist/my_app.pkg /Users/Desktop/dist/my_app_signed.pkg The result included the warning message Warning: unable to build chain to self-signed root for signer "3rd Party Mac Developer Installer: My Name (######7RBW)" I then tried to check the signature using pkgutil --check-signature /Users/Desktop/dist/my_app_signed.pkg This resulted in Package "my_app_signed.pkg":   Status: signed by a certificate that has since expired   Certificate Chain:   1. 3rd Party Mac Developer Installer: My Name (######7RBW)     Expires: 2023-01-13 17:17:55 +0000     SHA256 Fingerprint:       46 1A 51 B5 1F 21 81 90 CE 24 DB 86 79 1E F8 90 08 54 A2 CB D1 2E        E7 0E 99 C1 BD 46 A4 42 19 9E I see my_app_signed.pkg was created, but, based upon the last output above, and the fact I cannot install the program using this installer, something is definitely wrong. I sense the problem lies with the 3rd Party Mac Developer Installer on my keychain. I must have done something wrong. Among other things, the certificate should not be expired since I obtained my Developer's account only six months ago.

I developed an app using python and pyinstaller. I was able to sign it and have it notarized. I verified the app worked when I transferred the zip file to another computer. Now I'm struggling to create a package installer as outlined in the directions at https://developer.apple.com/forums/thread/128166 At the command prompt I entered the following: productbuild --sign 'My Name (######7RBW)' --component '/Users/myname/Desktop/dist/my_app.app' /Applications '/Users/myname/Desktop/dist/my_app.pkg' where ###### is the first six entries of my developer ID. The error message stated (Could not find appropriate signing identity for “My Name (######7RBW)”.) I'm sure this is a common error, but I'm not sure what I did incorrectly above. FWIW, I was able to follow the directions for creating a disk image of my app.

I created my app on a Mac (OS 11.6.1) using Python 3.9 and the pyinstaller package. I was able to go through the notarization and stapling steps okay. Moreover, typing spctl --assess --type execute -vvv '/Users/fishbacp/Desktop/dist/main_app.app' resulted in /Users/fishbacp/Desktop/dist/main_app.app: accepted source=Notarized Developer ID origin=Developer ID Application: John Doe (XXXXXXXXXX) I tried to launch the app on someone else's machine (OS 12.0.1) after unzipping it. The icon bounced around in the system tray for a few seconds before disappearing. If it helps at all, the app runs fine on my machine, but the icon appearance changes after a few seconds from what I chose it to be to the python matplotlib icon shown below:

My app was created outside of Xcode but using Python with Pyinstaller. I received no error messages when signing, although the output did mention that signed app bundle with Mach-O thin Then I entered the following: xcrun altool --notarize-app -f /Users/fishbacp/Desktop/Python_May_2021/dist/My_Application_10_7.zip --primary-bundle-id MyID -u fishback.paul@gmail.com -p "@keychain:Python Notarization" where I've covered up my ID. The file is uploaded correctly but notarization fails. The LogFileURL produces 24 error messages, all indicating a binary was not signed or the signature does not contain a valid timestamp. Here are two examples: {"severity": "error", "code": null, "path": "My_Application.zip/My_Application.app/Contents/Resources/PyQt5/Qt/qml/QtQuick.2/libqtquick2plugin.dylib", "message": "The binary is not signed.", "docUrl": null, "architecture": "x86_64" }, and {"severity": "error", "code": null, "path": "My_Application_10_7.zip/My_Application_10_7.app/Contents/Resources/PyQt5/Qt/qml/QtQml/WorkerScript.2/libworkerscriptplugin.dylib", "message": "The signature does not include a secure timestamp.", "docUrl": null, "architecture": "x86_64" } What's common about all the errors is that the dylib resides in a subdirectory of PyQt5 whose name contains a period. Ben Hagen describes how such a presence of periods can prevent signing and provides a workaround script at https://github.com/pyinstaller/pyinstaller/wiki/Recipe-OSX-Code-Signing-Qt. I used this tool to sign my app. But somehow I need to do something more prior to uploading for notarization.