Notarize attempts failure

Code Signing Notarization
TomYaacov1 OP
Created May ’22
Replies 5
Boosts 0
Views 1.5k
Participants 3

Hello everyone,

Issue: fail to notarize my application.

usage: electron.js

**debug log: ** {   "logFormatVersion": 1,   "jobId": "22136043-4cf2-49a9-8a27-90d045cd9345",   "status": "Invalid",   "statusSummary": "Archive contains critical validation errors",   "statusCode": 4000,   "archiveFilename": "WandDesktop.zip",   "uploadDate": "2022-05-24T09:20:02Z",   "sha256": "7a4f03eff95fc4e9c3ac0d93fd926ea4669e07ed40dffaa58f34a08238e3ecfe",   "ticketContents": null,   "issues": [     {       "severity": "error",       "code": null,       "path": "WandDesktop.zip/WandDesktop.app/Contents/MacOS/WandDesktop",       "message": "The signature of the binary is invalid.",       "docUrl": null,       "architecture": "x86_64"     }   ] }

I've been trying to notarize for several days and constantly receiving the error above.

path/to/Contents/MacOS/exec contains only the executable file.

**entitlements: **   com.apple.security.cs.allow-jit         com.apple.security.cs.allow-unsigned-executable-memory         com.apple.security.cs.allow-dyld-environment-variables         com.apple.security.cs.disable-library-validation    

**checked signature: ** WandDesktop.app: valid on disk WandDesktop.app: satisfies its Designated Requirement

asar: true hardenedRuntime: true

nested code: everything is packed correctly and separated to Resources/MacOS etc.

Obviously I went through a lot of other related issues both from electron community and apple, but no solution works so far.

Any lead would help, Best regards.

Replies  5
Boosts  0
Views  1.5k
Participants  3
nk_kennedy OP
May ’22

You are trying to notarize the zip file. You notarize the app. The zip is only for final distribution.

Since you mentioned electron, there is a strong likelihood that you will continue to get notarization failures after this. But you have to fix the zip first. Then, once your notarization commands are working, don't forget to actually try to post it and download said zip. That is where it is most likely to fail.

0
nk_kennedy OP
May ’22

Maybe post the exact commands you are using to sign and notarize.

Normally when someone has an app file, they just do everything in Xcode. So when people have problems, they are typically trying to notarize PKG or DMG files. Sometimes I've seen people do the zip/notarize sequence incorrectly. That's probably what I was thinking about originally, but that would have probably caused a different result.

Are you using the commands as described on this page? https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow

0
DTS Engineer OP
Apple
May ’22

Do this:

  1. Find the zip archive you submitted to the notary service.

  2. Calculate its SHA-256 hash:

    % shasum -a 256 WandDesktop.zip

  3. Confirm that it matches the one shown in the sha256 property of the notary log.

  4. Double click the zip archive in the Finder to unpack it.

  5. Run this command against the resulting app:

    % codesign -v -vvv --deep --strict WandDesktop.app

What does it report?

ps Please format the output as a code block; that makes it much easier to read. Use triple backquote delimiters for this or, alternatively, click the Code Block button. For this and other tips, see Quinn’s Top Ten DevForums Tips.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
DTS Engineer OP
Apple
May ’22

The absence of errors from codesign indicates that something more obscure is causing this. To find out what that is I’m going to have to look at your submission, and I don’t have time to do that in the context of DevForums. Please open a DTS tech support incident and we can pick things up in that context.

When you submit your request make sure to reference this thread so that it comes straight to me.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
DTS Engineer OP
Apple
Jun ’22

I figured I should post the result here, for the benefit of all…

TomYaacov1’s problem was caused by sequestered AppleDouble files, as discussed in Extended Attributes and Zip Archive. I’m not going to go into the specifics here, but I wanted to post some general advice:

  • Extended attributes can cause a wide variety of problems for Mac software; only use them if absolutely necessary.

  • After building your zip archive, add a check for AppleDouble files (where the name starts with ._). If you find any, think carefully about whether you need the extended attributes that they contain.

  • If your product requires extended attributes, make sure that the AppleDouble files are not sequestered, but rather appear in the directory hierarchy next to the primary file. That’s the default when you build a zip archive with ditto as shown in Packaging Mac Software for Distribution.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Notarize attempts failure
First post date Last post date
 
 
Q