I created a new sample project and enabled hardened runtime. The code signing is successful and the app was successfully uploaded to the Apple notary service, as I received an Xcode notification regarding the notarized app export.
I have validated the code signing using the command below:
codesign -vvv --deep --strict '/Users/***/Downloads/NotarizedApp/AppNotaryAndDistrib.app'
which gives the following output:
/Users/***/Downloads/NotarizedApp/AppNotaryAndDistrib.app: valid on disk
/Users/***/Downloads/NotarizedApp/AppNotaryAndDistrib.app: satisfies its Designated Requirement
My requirement is to distribute the application software through a package installer. For this I created an installer package using the package tool [http://s.sudre.free.fr/Software/Packages/about.html]. The code signing of the installer package is also successful:
productsign --sign "Developer ID Installer: Team Name (Team Identifier)" "AppNotaryAndDistri.pkg" "AppNotaryAndDistri_1.0_Installer.pkg"
The output of the productsign command is below:
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: Team Name (Team Identifier)" from keychain /Users/***/Library/Keychains/login.keychain-db
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to AppNotaryAndDistri_1.0_Installer.pkg
To notarize the signed installer package, I used the following command:
xcrun altool --notarize-app --primary-bundle-id "application-bundle-id" --username "apple-account-id" --password "app-specific-password" --file AppNotaryAndDistri_1.0_Installer.pkg
which returns a request UUID successfully:
No errors uploading 'AppNotaryAndDistri_1.0_Installer.pkg'.
RequestUUID = 7f24e166-b47a-47d8-b09d-21268886351e
The notarization info command output is below:
RequestUUID: 7f24e166-b47a-47d8-b09d-21268886351e
Status: success
Status Code: 0
Status Message: Package Approved
Till now everything looks good and there is no error from Apple; the developer_log also doesn't give any error. But when I try stapling using
xcrun stapler staple 'AppNotaryAndDistri_1.0_Installer.pkg'
it gives the following error:
Could not validate ticket for /Users/***/Downloads/MacSigning/AppNotaryAndDistri/AppNotaryAndDistri_1.0_Installer.pkg
The staple and validate action failed! Error 65.
I tried the command below:
xcrun stapler staple -v 'AppNotaryAndDistri_1.0_Installer.pkg'
which says
Downloaded ticket has been stored at file:/// path-to-ticket
Could not validate ticket for /Users/***/Downloads/MacSigning/AppNotaryAndDistri/AppNotaryAndDistri_1.0_Installer.pkg
The staple and validate action failed! Error 65.
The problem is that without stapling, when the user tries to install the software, the system prompts an alert saying ***.pkg can't be opened because Apple cannot check it for malicious software. I don't want the user to see such alerts. I have been stuck on this for a week. Please let me know what is wrong in the process. Did I miss any step? Please assist...
Got this working!!
@eskimo's reply on this thread finally helped me.