notarization error : The signature of the binary is invalid

I use the command below to notarize my xxxx_setup.pkg:


sudo xcrun altool --notarize-app --primary-bundle-id "net.xxxx.xxxx" --username "xxxx@gmail.com" --password "xxxxxxxxxx" --file ./xxxx_setup.pkg -itc_provider "XXXXXXXX"

Uploading is performed normally. And from the logFile of notarization-info command, I got the error message of my main executable file (yyyy) under xxxx.app/Contents/MacOS as below:

{
  "logFormatVersion": 1,
  "jobId": "34e7712f-8ebe-49a7-b10a-9863eba7c666",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "xxxx_setup.pkg",
  "uploadDate": "2021-04-06T14:07:55Z",
  "sha256": "944b56a56cb91c06b937b548fe9fbb6a2d039e4d4fe949819cac93d3821dff42",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "xxxx_setup.pkg/xxxx.pkg Contents/Payload/Applications/xxxx.app/Contents/MacOS/yyyy",
      "message": "The signature of the binary is invalid.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}


I have used the command below to check the binary yyyy:

codesign -vvv --deep --strict /path/to/binary


and I get the info below:

yyyy : valid on disk
yyyy : satisfies its designated requirement.

I use codesign -dvvv to validate the signature of the executable file. The timestamp and signature are all there.

So who can help me dig out these bugs?





Can anyone give me some help to pass the notarization service?

Below is my codesign command for the bundle, and the --deep parameter affects the signature of the main executable file.

sudo codesign --force --deep --timestamp --options=runtime -s "Developer ID Application: Some Company (XXXXXX)" ./XXXX.app

And I also tried to codesign the single executable file yyyy directly, but the error remained. I need more info to move forward.

Or somebody can tell me how to connect with Apple Notarization Service Team. Their notarization response cannot point out what blocks my executable file.

Or somebody can tell me how to connect with Apple Notarization Service Team.

My organisation, DTS, supports the notary service. If you want formal support here, open a DTS tech support incident. I try to help out on DevForums as much as time allows but a TSI lets me allocate the time to help you out one-on-one.

the --deep parameter affects the signature of the main executable file

I recommend against using --deep, for the reasons I outlined in --deep Considered Harmful. Rather, sign each code item separately, from the inside out. See Signing a Mac Product For Distribution for all the details.

If you still have problems you should unpack the installer package that you submitted to the notary service (it should have the SHA-256 checksum shown in your notarisation log) and check the code signature of the resulting app. Do this using codesign -vvv --deep --strict /path/to/your.app, that is, passing in the path to the app’s bundle not the app’s main executable.

See Unpacking Apple Archives for info on how to manually unpack an installer package.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
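
The two checks from the reply above (that the package you unpack is the one whose SHA-256 appears in the notarisation log, and that codesign is pointed at the app bundle rather than the main executable), as an added Python example that is not part of the original thread. The embedded log is a constructed, trimmed copy of the one in the question, and the `Payload` path layout is assumed from that log.

```python
import hashlib
import json
from pathlib import PurePosixPath

# Constructed sample: the notarization log from the question, trimmed to the fields used here.
SAMPLE_LOG = json.dumps({
    "status": "Invalid",
    "archiveFilename": "xxxx_setup.pkg",
    "sha256": "944b56a56cb91c06b937b548fe9fbb6a2d039e4d4fe949819cac93d3821dff42",
    "issues": [{
        "severity": "error",
        "path": "xxxx_setup.pkg/xxxx.pkg Contents/Payload/Applications/xxxx.app/Contents/MacOS/yyyy",
        "message": "The signature of the binary is invalid.",
        "architecture": "x86_64",
    }],
})

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large installer packages are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def bundle_for(issue_path):
    """Map an issue path to the outermost .app under Payload (assumed layout, as in the sample)."""
    parts = PurePosixPath(issue_path).parts
    if "Payload" in parts:
        parts = parts[parts.index("Payload") + 1:]
    for i, part in enumerate(parts):
        if part.endswith(".app"):
            return "/".join(parts[:i + 1])
    return "/".join(parts)  # no bundle: a standalone binary or library

def review(log_text, pkg_path):
    """Return whether the local package is the one that was submitted, and what to verify."""
    log = json.loads(log_text)
    errors = [i for i in log.get("issues") or [] if i.get("severity") == "error"]
    return {
        "same_package": sha256_of(pkg_path) == log["sha256"].lower(),
        "verify": sorted({bundle_for(i["path"]) for i in errors}),
    }

if __name__ == "__main__":
    import sys
    result = review(SAMPLE_LOG, sys.argv[1])
    print("package matches log:", result["same_package"])
    for target in result["verify"]:
        print("codesign -vvv --deep --strict <unpacked payload>/" + target)
```

If `same_package` is false, the file on disk is not the one the notary service examined, so a clean local codesign result says nothing about the rejected submission.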