Error: Must provide credentials

Code Signing Notarization
annick OP
Created Dec ’22
Replies 11
Boosts 0
Views 2.2k
Participants 2

Hi, I am using notarytool to submit an app. I have created an Apple Store Connect key, stored it and used notary tool store-credentials, which completed successfully. Yet when I submit my package using the created profile I get the message : Error : Must provide credentials. The created profile does not appear in Keytool. Same when running with sudo

Replies  11
Boosts  0
Views  2.2k
Participants  2
DTS Engineer OP
Apple
Dec ’22

Same when running with sudo

Don’t use sudo for this stuff. It’s just makes things worse.

I am using notarytool to submit an app.

What specific commands are you use for each of your two steps?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
annick OP
Dec ’22

I have tried xcrun notarytool store-credentials --apple-id "myapple-id" --password "appspecificpassword" --team-id "myteamid" But the profile does not show in keytool, yet the command show success.

Then xcrun notarytool submit --keychain-profile "theaboveprofile" --wait

0
DTS Engineer OP
Apple
Dec ’22

But the profile does not show in keytool

What’s keytool? It seem to be a Java thing, which isn’t relevant to this discussion. I would expect the stored credentials to show up in the macOS keychain, which you can view using the Keychain Access app.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
annick OP
Jan ’23

Sorry, key tool was a wrong translation for Trousseau de clés in French, I meant Keychain Access. The credentials don't show up in Keychain.

0
annick OP
Jan ’23

Is it necessary to activate the iCloud synchronisation for Keychain ?

0
DTS Engineer OP
Apple
Jan ’23

Is it necessary to activate the iCloud synchronisation for Keychain ?

No. But be aware that the data protection keychain is named differently depending on this state (either iCloud Keychain or Local Items). For more background on this, see TN3137 On Mac keychain APIs and implementations.

IIRC notarytool does store credentials in the data protection keychain. Whether they’re visible there depends on the type of credential. You seem to be using an app-specific password, and Keychain Access will show password items.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
annick OP
Jan ’23

Hi, I have finally spotted the Keychain entry, which is named com.apple.gke.notary.tool account : com.apple.gke.notary.tool.saved-creds.notaire3

when I use notarytool using the "notaire3" profile, the code is uploaded correctly, but I get a missing credentials error after that.

0
DTS Engineer OP
Apple
Jan ’23

the code is uploaded correctly, but I get a missing credentials error after that.

Hmmm, that seems weird. I’d expect notarytool to check your credentials before it starts the upload and, if they work for that, they should continue working.

I’d like to see a full transcript of the command you issued and the output from notarytool. To do this:

  1. Open a new Terminal window.

  2. Set things up so that you’re ready to notary.

  3. Choose Edit > Clear to Start to clear the window.

  4. Run your notarytool command.

  5. Choose File > Export Text as to export the transcript.

  6. Post that here as a text attachment.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
annick OP
Jan ’23

annick2@macmini3 ToSignDemo64 % xcrun notarytool submit FencingFoxDemoNewSigned.pkg.zip  --keychain-profile "notaire3" --wait

Conducting pre-submission checks for FencingFoxDemoNewSigned.pkg.zip and initiating connection to the Apple notary service...

Submission ID received

  id: ceae8fc8-75cd-4b8c-9634-def10fd7c1eb

Upload progress: 100,00 % (58,0 MB of 58,0 MB)   

Successfully uploaded file

  id: ceae8fc8-75cd-4b8c-9634-def10fd7c1eb

  path: /Volumes/DATA/saintgeorges/DeliveryMac/ToSignDemo64/FencingFoxDemoNewSigned.pkg.zip

Waiting for processing to complete.

Current status: Invalid...........

Processing complete

  id: ceae8fc8-75cd-4b8c-9634-def10fd7c1eb

  status: Invalid

annick2@macmini3 ToSignDemo64 % xcrun notarytool log ceae8fc8-75cd-4b8c-9634-def10fd7c1eb

Error: Must provide credentials.

See the 'store-credentials' command, App Store Connect API key options (--key, --key-id, --issuer), or app-specific password options (--apple-id, --password, --team-id).

annick2@macmini3 ToSignDemo64 % 

0
DTS Engineer OP
Apple
Jan ’23

You posted two commands:

  • The first indicates that you were able to submit your product but it was rejected by the notary service. To investigate that, look at the notary log. For details on how to get that, see Fetching the Notary Log.

  • The second is just a usage error. The log command requires credentials, just like the submit command. To fix this, pass in the same --keychain-profile "notaire3" argument as you did for the first command.

ps Please post preformatted text using a code block; that makes it much easier to read. For this and more DevForums tips, see Quinn’s Top Ten DevForums Tips.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
annick OP
Jan ’23

Thank you, I was finally able to notarize my app successfully. The problem was with the second command

0
Error: Must provide credentials
First post date Last post date
 
 
Q