productbuild: notarize .pkg with non-binary sub package

Question

Created Aug ’24

Replies 3

Boosts 0

Participants 2

Hi, we have .pkg install package consisting of various sub packages. One of them contains presets and needs to be installed the the default preset location /Library/Audio/Presets. If this non-binary preset package is the only one in a .pkg choice notarization fails with:

  "logFormatVersion": 1,
  "jobId": "*",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "mypackage.pkg.zip",
  "uploadDate": "2024-08-22T21:24:03.251Z",
  "sha256": "*",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "mypackage.pkg.zip",
      "message": "Package mypackage.pkg.zip has no signed executables or bundles. No tickets can be generated.",
      "docUrl": null,
      "architecture": null
    },
    {
      "severity": "warning",
      "code": null,
      "path": "mypackage.pkg.zip/mypackage.pkg",
      "message": "b\"Invalid component package: mypackage_vstpreset Distribution file's value: #com.mycompany.mypackage.vstpreset.pkg\\n\"",
      "docUrl": null,
      "architecture": null
    }
  ]
}

Not sure, but maybe its worth noting that the causing sub packge only generates a warning, but the parent package seems to escalate this into an error.

How can a non-binary sub package be included in a notarized parent package?

Any hints or thoughts are highly appreciated, Thanks!

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’24

I suspect I’m missing something here but…

Are you notarising this subpackage independently? Or as a subpackage within your overall product?

Because reading your text I get the impression that it’s the latter, but the notary log snippet you posted doesn’t show any nesting.

My general advice is that you only notarise the outermost container, which in this case means not notarising the subpackage independently.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

hagen OP

Sep ’24

Thanks Quinn, for your reply! Subpackages are only notarized within our overall product. They are not notarized independently.

Because reading your text I get the impression that it’s the latter, but the notary log snippet you posted doesn’t show any nesting.

isn't this the indication:

"message": "b\"Invalid component package: mypackage_vstpreset Distribution file's value: #com.mycompany.mypackage.vstpreset.pkg\\n\"",

its the com.mycompany.mypackage.vstpreset.pkg that contains the non-binary preset files.

Thanks

0

Answer 3

DTS Engineer OP

Apple

Sep ’24

I think I’m gonna have to see the specific details of your setup. Specifically, I’d like to see:

The package you submitted
The resulting notary log

If you’re willing to share that publicly, please upload those to a file sharing service of your choice and post the URL here [1].

If you want to keep this provide, submit a DTS code-level support request with that info. Once I have that information, we can continue the discussion here in the forums

IMPORTANT If you create this request, indicate that you were referred by someone at Apple and make sure to include a link to this thread.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] With the URL in the clear, per tip 14 in the maybe-I-should-learn-how-to-count Quinn’s Top Ten DevForums Tips.

0