Migration to notarytool from altool - in enterprise network

Hello. I am doing a migration from altool to notarytool.

I am doing the above on an enterprise network which is not able to communicate with the outside world except for some URLs and ports.

Previously, when I was using altool to notarize, I asked the administrator to open URLs and ports by referring to the document below, and so far it has been proceeding without any problem.

The problem is that when I use notarytool to notarize, it tries to access a new domain called appstoreconnect.apple.com, which is not in the documentation above.

Do I need to ask my network administrator to allow only the above URL, or others as well? Or is there another way to notarize without accessing that URL?

If there is any additional documentation on opening hosts and ports that I am not aware of, I would appreciate it if you could point me to it.

Replies

There’s specific info about what notarytool requires here.

That doesn’t list appstoreconnect.apple.com but that might be because it’s not strictly necessary. What subcommand are you running when you see that access?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for the reply.

Here's the notarytool command I used. (I tried both keychain profile and ID based.)

$ xcrun notarytool submit ./mynotarytarget.pkg --team-id "myteamid" --keychain-profile "Notarize"
$ xcrun notarytool history --apple-id "myappleid@email" --password "mypassword" --team-id "myteamid"

This is the altool command I used before. (It worked on the same network.)

$ xcrun altool --notarize-app --primary-bundle-id "mybundleid" --username "myappleid@email" --password "mypassword" --file ./mynotarytarget.pkg

Here's the log with the -vvvv option:

[00:39:51.918Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[00:39:51.919Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/submissions?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[00:39:51.919Z] Debug [AUTHENTICATION] Delaying current request to refresh app-specific password token.
[00:39:51.920Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/asp?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[00:39:51.920Z] Debug [AUTHENTICATION] Authenticating request to '/notary/v2/asp' with Basic Auth. Username: myappleid@email, Password: private<String>, Team ID: myteamid
[00:39:51.921Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls.
[00:39:52.069Z] Error [API] Encountered HTTP error: Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the server." UserInfo={_kCFStreamErrorCodeKey=61, NSUnderlyingError=0x600000a3d680 {Error Domain=kCFErrorDomainCFNetwork Code=-1004 "(null)" UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0, ipv4, dns, _kCFStreamErrorCodeKey=61, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <00634467-3F33-4CCE-A5A1-EFA1EEE622BC>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <00634467-3F33-4CCE-A5A1-EFA1EEE622BC>.<1>"
), NSLocalizedDescription=Could not connect to the server., NSErrorFailingURLStringKey=https://appstoreconnect.apple.com/notary/v2/asp?, NSErrorFailingURLKey=https://appstoreconnect.apple.com/notary/v2/asp?, _kCFStreamErrorDomainKey=1}
[00:39:52.070Z] Error [TASKMANAGER] Completed Task with ID 2 has encountered an error.
[00:39:52.070Z] Debug [TASKMANAGER] Ending Task Manager loop.
Error: HTTPError(statusCode: nil, error: Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the server." UserInfo={_kCFStreamErrorCodeKey=61, NSUnderlyingError=0x600000a3d680 {Error Domain=kCFErrorDomainCFNetwork Code=-1004 "(null)" UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0, ipv4, dns, _kCFStreamErrorCodeKey=61, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <00634467-3F33-4CCE-A5A1-EFA1EEE622BC>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <00634467-3F33-4CCE-A5A1-EFA1EEE622BC>.<1>"
), NSLocalizedDescription=Could not connect to the server., NSErrorFailingURLStringKey=https://appstoreconnect.apple.com/notary/v2/asp?, NSErrorFailingURLKey=https://appstoreconnect.apple.com/notary/v2/asp?, _kCFStreamErrorDomainKey=1})

Well, that’s pretty solid evidence that it needs ASC access |-: I think you’ll have to work with your network folks to allow that.

Also, I’d appreciate you filing a bug against the Customizing the notarization workflow doc. Clearly it’s not giving the full story.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
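
An added example, not part of the thread and not Apple's code: a short Python script that reads a notarytool -vvvv log like the one posted above and lists the host:port pairs the tool tried to reach, flagging those with a logged connection failure, so the request to the network team reflects what the tool actually contacted. The sample log is constructed (shortened from the shape of the posted one), and upload.example.invalid is a placeholder host, not a real notarytool endpoint.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the -vvvv log above (shortened; the
# upload.example.invalid line is a made-up placeholder, not a real notarytool host).
SAMPLE_LOG = """\
[00:39:51.918Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[00:39:51.919Z] Info [API] Preparing GET request to URL: https://upload.example.invalid/part?, Parameters: [:]
[00:39:51.920Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/asp?, Parameters: [:]
[00:39:52.069Z] Error [API] Encountered HTTP error: Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the server." UserInfo={_kCFStreamErrorCodeKey=61, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <constructed-id>.<1>"
), NSErrorFailingURLStringKey=https://appstoreconnect.apple.com/notary/v2/asp?, NSErrorFailingURLKey=https://appstoreconnect.apple.com/notary/v2/asp?, _kCFStreamErrorDomainKey=1}
"""

URL_RE = re.compile(r'https?://[^\s,}")]+')
# The error record wraps over several lines, so match across newlines (DOTALL).
FAIL_RE = re.compile(
    r'NSURLErrorDomain Code=(-?\d+).*?NSErrorFailingURLKey=(https?://[^\s,}]+)',
    re.DOTALL)

def endpoint(url):
    """Reduce a URL to the (host, port) pair a firewall or proxy rule needs."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)

def summarize(log_text):
    """Map every (host, port) in the log to the NSURLError codes it failed with."""
    seen = {endpoint(u): set() for u in URL_RE.findall(log_text)}
    for code, url in FAIL_RE.findall(log_text):
        seen.setdefault(endpoint(url), set()).add(int(code))
    return seen

def allowlist_request(log_text):
    """Endpoints with at least one logged connection failure, sorted."""
    return sorted(ep for ep, codes in summarize(log_text).items() if codes)

if __name__ == "__main__":
    for (host, port), codes in sorted(summarize(SAMPLE_LOG).items()):
        status = f"failed, NSURLError {sorted(codes)}" if codes else "no error logged"
        print(f"{host}:{port}\t{status}")
```

An endpoint listed with no error logged was only requested; the log alone does not show that the connection succeeded.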