warning in the notarization report: .pkg failed trust evaluation

Code Signing General
OneTwoThree OP
Created Oct ’19
Replies 5
Boosts 0
Views 1.4k
Participants 3

Hi,

I have submitted a dmg for notarization. I got the report as package is notarized. In the report under "issues" section, i get the following error. This is the new error we are seeing. We were able to sent the package earlier.


{

"severity": "warning",

"code": null,

"path": "CWSPackage6_4.dmg/OSX/CWS Wrapper.pkg",

"message": "b'2019-10-23 04:03:03.557 extractpkgcontent[5534:43343] All Resoueces (\\n Bom,\\n Distribution,\\n Payload,\\n Scripts,\\n PackageInfo\\n)\\n2019-10-23 04:03:03.557 extractpkgcontent[5534:43343] Extracting subpath: Bom\\n2019-10-23 04:03:03.560 extractpkgcontent[5534:43343] Extracting subpath: Distribution\\n2019-10-23 04:03:03.561 extractpkgcontent[5534:43343] Skipping Distribution\\n2019-10-23 04:03:03.561 extractpkgcontent[5534:43343] Extracting subpath: Payload\\nCould not extract Payload due to Is a directory.\\n2019-10-23 04:03:03.575 extractpkgcontent[5534:43343] Extracting subpath: Scripts\\n2019-10-23 04:03:03.576 extractpkgcontent[5534:43343] Skipping Scripts\\n2019-10-23 04:03:03.576 extractpkgcontent[5534:43343] Extracting subpath: PackageInfo\\nExtract of file:///tmp/tmp33ts951j/CWSPackage6_4.dmg.unpacked_00/OSX/CWS%20Wrapper.pkg failed.\\nExtract packages failed with error: (null)\\n'",

"docUrl": null,

"architecture": null

},


All the other .pkg inside the package failed with following error.

{

"severity": "warning",

"code": null,

"path": "CWSPackage6_4.dmg/OSX/Common Utilities/Calibrator3.pkg",

"message": "b'file:///private/tmp/tmp33ts951j/CWSPackage6_4.dmg.unpacked_00/OSX/Common%20Utilities/Calibrator3.pkg failed trust evaluation.\\n2019-10-23 04:03:10.665 extractpkgcontent[5536:43353] All Resoueces (\\n Bom,\\n Payload,\\n Scripts,\\n PackageInfo\\n)\\n2019-10-23 04:03:10.666 extractpkgcontent[5536:43353] Extracting subpath: Bom\\n2019-10-23 04:03:10.671 extractpkgcontent[5536:43353] Extracting subpath: Payload\\nCould not extract Payload due to Is a directory.\\n2019-10-23 04:03:11.026 extractpkgcontent[5536:43353] Extracting subpath: Scripts\\n2019-10-23 04:03:11.026 extractpkgcontent[5536:43353] Skipping Scripts\\n2019-10-23 04:03:11.026 extractpkgcontent[5536:43353] Extracting subpath: PackageInfo\\nExtract of file:///private/tmp/tmp33ts951j/CWSPackage6_4.dmg.unpacked_00/OSX/Common%20Utilities/Calibrator3.pkg failed.\\nExtract package failed with error: The file doesn\\xe2\\x80\\x99t exist.\\n'",

"docUrl": null,

"architecture": null

},

Answered by william_auto in 391005022

We got a response back from the Notary team in a ticket:

"This was a spurious error that's being addressed today. Please Ignore it. There's nothing to do on your side.”


We'll try to notarize a build tomorrow and see if it's fixed.

Replies  5
Boosts  0
Views  1.4k
Participants  3
DTS Engineer OP
Apple
Oct ’19

Hmmm, that sounds like there was a failure to build the chain of trust from your Developer ID Installer certificate to the Apple root. I’ve seen things like this before when the signing was done on a system that was either missing the WWDR intermediate or had some wonky trust setting.

To rule out anything specific to your package, run the following tests:

  1. Create a small test app and notarise that from Xcode.

  2. Put that inside a simple package (creating using 

    productbuild
    ) and notarise that.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
william_auto OP
Oct ’19

We're seeing the same error on several PKG files that was previously able to be notarized with no errors. As a result, the pkg is not extracted and the files within are not notarized. Has the extraction method changed?


"issues": [

{

"severity": "warning",

"code": null,

"path": "MyCorp_MyApp_2020_Mac_OSX.dmg/Install MyApp 2020.app/Contents/Helper/Packages/Licensing/myPackage.pkg",

"message": "b'file:///private/tmp/tmpr0a6ayri/MyCorp_MyApp_2020_Mac_OSX.dmg.unpacked_00/Install%20MyApp%202020.app/Contents/Helper/Packages/Licensing/myPackage.pkg failed trust evaluation.\\n2019-10-24 17:55:28.666 extractpkgcontent[801:5572] All Resoueces (\\n Bom,\\n Payload,\\n PackageInfo\\n)\\n2019-10-24 17:55:28.666 extractpkgcontent[801:5572] Extracting subpath: Bom\\n2019-10-24 17:55:28.668 extractpkgcontent[801:5572] Extracting subpath: Payload\\nCould not extract Payload due to Is a directory.\\n2019-10-24 17:55:28.679 extractpkgcontent[801:5572] Extracting subpath: PackageInfo\\nExtract of file:///private/tmp/tmpr0a6ayri/MyCorp_MyApp_2020_Mac_OSX.dmg.unpacked_00/Install%20MyApp%202020.app/Contents/Helper/Packages/Licensing/myPackage.pkg failed.\\nExtract package failed with error: The file doesn\\xe2\\x80\\x99t exist.\\n'",

"docUrl": null,

"architecture": null

},



Other PKG files within the same DMG _are_ being extracted and files within notarized. Once difference I can see is that on the PKG that is extracted, the top-level directory in the PKG is called "Contents". The failing PKG files have a top-level directory called "Payload". Example:


myPackage.pkg/Contents/Payload = worked

myOtherPackage.pkg/Payload = failed

0
william_auto OP
Oct ’19
Accepted Answer

We got a response back from the Notary team in a ticket:

"This was a spurious error that's being addressed today. Please Ignore it. There's nothing to do on your side.”


We'll try to notarize a build tomorrow and see if it's fixed.

0
OneTwoThree OP
Oct ’19

Hi,

It started working for me as well without anychange from our side.


regards

PK

0
william_auto OP
Oct ’19

Works for us today too 🙂

0
warning in the notarization report: .pkg failed trust evaluation
First post date Last post date
 
 
Q