Notarization Signature Errors

Hi! I'm having an issue notarizing my app. I've developed my app in python, packaged it with py2app and then codesigned it using command-line:

codesign --deep --sign "Developer ID Application: Name (ID)" MyApp.app

and verified it using:

codesign --verify --verbose MyApp.app

with no problem. I then continued to notarize it with notarytool:

xcrun notarytool submit MyApp.zip --keychain-profile "MyProfile" --wait

and everything went smoothly, however, the process ended as invalid.

This is a recurring issue (used altool beforehand) where I get errors that prevent the notarization due to signature issues, some of them:

"The signature of the binary is invalid."

"The executable does not have the hardened runtime enabled."

"The binary is not signed with a valid Developer ID certificate."

"The signature does not include a secure timestamp."

And so on.

The issue is that this is occurring to the contents of the app and the python libraries and other dependencies it uses, not MyApp.app itself.

I've read online in many places and couldn't find what am I missing, I've followed the code-signing and notarization instructions to no prevail.

I hope someone here can help me solve this problem or figure out what am I missing. Many thanks :)

Answered by DTS Engineer in 773711022

Don’t sign with --deep. See --deep Considered Harmful for an explanation as to why not.

For advice on how to sign correctly, see:

However, in a case like this it’s probably best to raise this via the support channel for your third-party tooling, because the folks there are more likely to have experience with this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Accepted Answer

Don’t sign with --deep. See --deep Considered Harmful for an explanation as to why not.

For advice on how to sign correctly, see:

However, in a case like this it’s probably best to raise this via the support channel for your third-party tooling, because the folks there are more likely to have experience with this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for the reply eskimo! I tried following your instructions, and even tried packaging everything from scratch and signing it with your suggested method, and still the same errors. It seems to be a problem with the signing of the internal contents of the app, any other suggestions?

Notarization Signature Errors
 
 
Q