Is there a timing issue with app notarization and the stapler?

I have an automated build process and when I call:


xcrun altool --notarize-app -t osx -f myApp.dmg --primary-bundle-id com.me.myapp -u me@me.com -p @env:NotarizePassword --asc-provider MeGmbH


It takes a while but eventuall completes with:

No errors uploading 'myApp.dmg'.

RequestUUID = f8b23fc1-ebcf-44a9-984c-abf0ad7123a0


My script then calls:

xcrun stapler staple myApp.dmg


which returns:

Processing: myApp.dmg

CloudKit query for myApp.dmg (2/3707747e82a2daf8902310827531a510a471cde1) failed due to "record not found".

Could not find base64 encoded ticket in response for 2/3707747e82a2daf8902310827531a510a471cde1

The staple and validate action failed! Error 65.



But if I try to run the stapler manually later it works.


I saw someone else's build script where they had a 20 second sleep before calling the stapler. Is this required?


Do I need to go into a loop and keep trying to call the stapler X number of times with a sleep inbetween?

I realize now that "xcrun altool --notarize-app" just uploads the app for notarization so the fact that it has succeeded doesn't mean the app was notarized.


So it is probably not feasable for the build script to staple the notarization to the installer since it could take some time before you know if it worked or not.

Is there a timing issue with app notarization and the stapler?
 
 
Q