I am runnning persistent notarization issues with my macOS Electron application.
Despite multiple attempts to resolve these issues, the notarization status remains "Invalid," and the errors in the report are consistent.
What I'm doing
- Sign the code like this
codesign --sign "Apple Distribution: Name Lastname (123456)" --deep --force --timestamp=auto path/to/Application.app
I then get: Application.app: replacing existing signature
- I then verify the signing with:
codesign --verify --deep --strict --verbose=4 path/to/Application.app
I then get: --prepared:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/SomeFramework.framework --prepared:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework --validated:/path/to/Application.app/Contents/Frameworks/AnotherFramework.framework Application.app: valid on disk Application.app: satisfies its Designated Requirement
- I then build:
npm build
- I then package:
zip -r Application.zip Application.app
- I then upload:
xcrun notarytool submit Application.zip --apple-id your-apple-id --team-id your-team-id --password your-app-specific-password
- Then I check for status and I get:
Successfully received submission info createdDate: 2024-08-15T18:21:31.520Z id: 55daf39a-4be9-4dd6-a490-1890d33f9e75 name: Application.zip status: Invalid
In the report generated I get issues like:
"path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/SomeFramework", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64"
and
"path": "path/to/Application.app/Contents/Frameworks/SomeFramework.framework/Versions/Current/Helpers/chrome_crashpad_handler", "message": "The signature does not include a secure timestamp.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733", "architecture": "arm64"
What am I doing wrong? I tried signing each issue separately and rerun the entire process, it's not working.
You are currently signing your code using --deep
, which is something I specifically recommend against. See --deep
Considered Harmful.
Apple has general advice on how to sign a Mac app correctly:
In this case, however, I recommend that you consult the support resources for your third-party tools, because this is a path than many other folks have walked down previously.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"