Hey there, I'm experiencing an issue with notarization of my macOS application, which is blocking a release. We have signing/notarization hooked up to our CI process, both for prior releases as well as development builds (at the trunk tip). The notarization process has typically taken anywhere from a few minutes to a few tens of minutes, but for our most recent release, it's taking an unreasonably long time. I've compiled the submission info for each build (+ reattempted notarizations) below. What's interesting is that the oldest one was accepted- however, it timed out our CI process, so we never actually released it. Subsequent builds are more or less identical in terms of their content, however, they've been stewing in the notarization process for over 13 hours in some cases. % xcrun notarytool info 67413dae-64f5-4372-972d-e0ac158e18e3 Successfully received submission info createdDate: 2025-04-02T16:28:25.999Z id: 67413dae-64f5-4372-972d-e0ac158e18e3 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 0c72b243-4a8d-4976-a97b-75689d7e2497 Successfully received submission info createdDate: 2025-04-02T05:49:05.861Z id: 0c72b243-4a8d-4976-a97b-75689d7e2497 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 8e2edfc2-58bc-4b33-bc8e-078155759a81 Successfully received submission info createdDate: 2025-04-02T05:23:28.870Z id: 8e2edfc2-58bc-4b33-bc8e-078155759a81 name: Warp Vault.app.zip status: In Progress % xcrun notarytool info 8fb17b0c-ace4-4b6f-bef8-68d22696814d Successfully received submission info createdDate: 2025-04-02T05:07:48.187Z id: 8fb17b0c-ace4-4b6f-bef8-68d22696814d name: Warp Vault.app.zip status: Accepted At the time of checking, the UTC date was: % TZ="UTC" date Wed Apr 2 18:42:14 UTC 2025 It's interesting to me that the notarization process is taking this long. We've notarized many development builds (with debugging flags enabled) in the time between our last public release and our attempt to notarize this one. What's more, the original build for this release was notarized within the span of about 15 minutes, but subsequent submissions of the same build have hung for tens of hours. My two questions are: How can I get our pending notarizations "unstuck"?, and To prevent these types of hangs in the future, should I also routinely build/sign/notarize non-debug builds of my application during the development process? Best regards and many thanks, Charlton

We have a macOS application packaged as a .pkg file. To notarize it, we first code-sign individual library folders and the .app bundle using the following command: codesign --force --deep --sign "Developer ID Application: <Our Account Name>, LLC (Team ID)" "Our_product.app" Code Sign result for .app file: Our_prodcut.app: valid on disk Our_product.app: satisfies its Designated Requirement We are using packages tool to create .pkg file with code signed .app file. Steps followed once .pkg file is ready: 1. Product Sign: productsign -sign "Developer ID Installer: <Our Account Name>" output.pkg signed-output.pkg 2. Submit for notorization: `xcrun notarytool submit signed-outout.pkg --keychain-profile "notarytool-password" --wait Received following output: Current status: Accepted................................. Processing complete id: 2d5c450f-5b22-4b4d-9579-ef21c0356548 status: Accepted Transferred Notarization log: xcrun notarytool log 10169892-b28c-407c-b348-edab0b34ef34 --keychain-profile "notarytool-password" Desktop/developer_log_6.json We have observed log with "Accepted" status with issues as "null". 3. Stapler: stapler staple signed-output.pkg stapler validate signed-output.pkg Processing: signed-output.pkg The validate action worked! 4. Checking status of .pkg file: Command: spctl --assess --verbose=4 signed-output.pkg Output: signed-output.pkg: rejected source=no usable signaturess Warning During Installation: While installing the .pkg file, a security warning appears as follows. Please help us to resolve this.

I have been trying to notarize my application for about a month via this command - xcrun notarytool submit "Backlsh.zip" --apple-id "" --password "" --team-id "" but it throws error - { "logFormatVersion": 1, "jobId": "c8173ee6-edd2-4c51-a86b-8f3b8dea0a84", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "Backlsh.zip", "uploadDate": "2025-03-06T05:33:56.287Z", "sha256": "b45e579f0c47070b55d74ac49e49c81d32f2315bd290ca5592f71f314018c44d", "ticketContents": null, "issues": null } I have raised ticket to apple support but i havent received any help yet ! I have tried to submit 5 times. Kindly help !

I have app developed in electron.js and python and it works in ios 15 after codesigning but not in ios 14 or below I need to understand if theres a specific instruction that we need to while building the app or do I need to codesign in lower version? what can I do solve this issue??

I started the notarization process for my electron app (just a browser window loading a URL) yesterday (26/03/2025) at around 05:23 GMT. I noticed in a couple of posts here in the forum that it may sometimes take a day to notarize the first app submitted by a team, but it has been over 30 hours now. Here's the log from xcrun notarytool history. createdDate: 2025-03-26T05:23:11.102Z id: ddcb3fca-4667-4acb-8fd1-3298a7c244cc name: xolock-browser.zip status: In Progress Do help me out here, I have zero idea why this is taking so long. Thanks in advance!

I started the notarization process for my electron app (just a browser window loading a URL) yesterday (26/03/2025) at around 05:23 GMT. I noticed in a couple of posts here in the forum that it may sometimes take a day to notarize the first app submitted by a team, but it has been over 30 hours since I submitted the app for notarization Here's the log. createdDate: 2025-03-26T05:23:11.102Z id: ddcb3fca-4667-4acb-8fd1-3298a7c244cc name: xolock-browser.zip status: In Progress Is there any reason why it is taking so long? Thanks in advance!

Hey everyone, I've been trying to notarize my Electron macOS app for the past two days without any success. My longest attempt took nearly 4 hours, and my current attempt has already been running for 2 hours and 26 minutes. From what I can see in the logs, the signing step has completed successfully, and the app is currently in the notarization stage. But it's been stuck there with no real updates or progress indicators. Is this kind of delay normal? Has anyone else experienced such long notarization times? Any help or insight would be greatly appreciated! Thanks in advance.

I developed a macOS application and have already signed the pkg package. However, when I submitted it for notarization using the following command: xcrun notarytool submit --signed.pkg --apple-id "**@gmail.com" --team-id "2*******M" --password "this is password" --wait I received a "Rejected" status. The log provided the following details: "logFormatVersion": 1, "jobId": "f5f3751d-b449-4a2f-b905-32d38ab5963b", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, "archiveFilename": "*********.pkg", "uploadDate": "2025-03-20T03:16:43.651Z", "sha256": "3ca39700c531a66571721424a6c00668748011174b4ae20bbbec5c2d3a8a41f9", "ticketContents": null, "issues": null``` Can you help me, thank you.

I have local LLM application, the backend is in python and frontend is in electron.js , all complied in a .pkg file or .dmg file I have created the valid certifcates for notarization But it fails everytime, I have attached the logs steps I followed Created a certificate all steps related to getting it setup, ran productsign command on pkg file ran codesign for dmg xcruntool submit command If anyone has any idea on how proceed codesigningdmg (2).txt code-singingpkg.txt

Hi, I'm getting error 65 upon stapling and I am suspecting that non-default trust settings may be the reason as outlined here: Unfortunately whatever I do, I can't seem to reset the trust settings to their default values (removing the blue/white "+"), I'm not being asked for credentials upon closing the certificate window. I have also tried to unlock the System Roots key chain, to no avail. Also, when running security dump-trust-settings -d I get Number of trust settings : 0 for all certificates. Any ideas as to what I may be doing wrong? Is there any other setting that may be involved? Thanks!

Hi, I've code-signed my app and notarized it, and created a DMG, and when I slacked it or airdropped it to someone for testing the FIRST time they open it, they get a warning that it was Slacked or airdropped to them and do they want to open it. if they say yes everything is fine. So looking through here someone said I need to sign the app and then make a dmg and sign the dmg and then send that for notorization and then staple that. So I did, and I still get a warning the first tie someone try's to run it. What am I doing wrong? I know I can buy software and not get a warning from apple. so how do I get my app to work correctly like that?

I'm developing an app using Electron Builder for a potential port to Windows in the future. I've had a heck of a time getting credentials to work and felt like I was in some sort of time loop doing the same things over and over again to no avail. I finally was able to sign my app, sign the .dmg and start the notarization process. That was last night and it still says "In Progress". If anyone is able to push it through, that would be awesome! (id: 2520e724-7069-408a-9ea4-60b23e8435a7) I saw another thread on here where people stated it was taking forever, I'm not sure if this is just because its my first time, but I was hoping to get a beta out to testers this weekend. I just need a version that doesn't get flagged as "Malware" by Gatekeeper. This is just for a standalone macOS application, not the App Store. Is there a reason that this process takes an absurd amount of time? Will it always be like this or is this just a fluke and it was a bad time to try?

Doing it multiple times (even hours apart) doesn't help. createdDate: 2025-03-14T13:58:40.397Z id: eb49f8a4-bee6-432b-87de-6b11ca9d392a name: panda-app-1.0.0-arm64.dmg status: In Progress -------------------------------------------------- createdDate: 2025-03-14T13:23:31.444Z id: f6f3c938-5356-434c-aba1-c425f18cb4a7 name: panda-app-1.0.0-arm64.dmg status: In Progress

Hi, I have an account that is only a few days old. My first notary went smooth and was done within minutes. Every subsequent notary has been stuck pending. The oldest one being a day or so.

We are developing an application using .NET Xamarin.mac. While notarization after signing the package the error was thrown which was attached in a file Then created an simple Xamarin.mac app , in notarization process the same error was thrown. Provide an solution to resolve the issue while notarization. We have tried to codesignin the .app file but below error was thrown unable to build chain to self-signed root for signer "Developer ID Application: SFSecure.app: errSecInternalComponent Notarization error

We are developing an application for MAC machine using .NET. After developing and signing the package in notarization process was failed with the error in the attached file. Then we have created the simple Xamarin.MAC to check whether able to notarize it . But with the simple project also we have faced the same error. Provide us the solution to fix these issues We have tried to codesiginin the app to resolve the notarization error, but while code signing the below error was thrown "unable to build chain to self-signed root for signer "Developer ID Application" (not mentioning the certificate id) SFSecure.app: errSecInternalComponent" Notarization-error

Hi everyone! I've send my .dmg file for notarization, it has been accepted on March 5. Since then there weren't any updates, it hasn't changed its status. What might be the problem? Info about submission: createdDate: 2025-03-05T12:13:18.802Z id: 202d877d-d0c4-4211-bba4-6ebdb169a843 status: Accepted

Hello everyone, I'm encountering significant delays with the notarization process for our Electron application using a newly created developer account. The process is taking an unusually long time (1-2 days), which is disrupting our workflow. Details: We've attempted notarization multiple times over the past 2 weeks. The process consistently takes 8+ hours before I typically abort it. (due going offline etc) Interestingly, when I check the notary history later, it shows the notarization was actually successful. Our application package is relatively large, which might be contributing to the delay (archive: 226 mb, app:800mb) Recent Examples: Current submission (still in progress): 52db12c3-4a54-4e14-9d77-e141d7f28227 Previous successful submission: 49273be6-3e13-4f3f-83a4-945114d899b9 Has anyone else experienced similar issues with notarizing applications? Are there any optimizations or best practices I should implement to reduce these processing times? I'm using the default notarization feature that comes with electron forge. Any suggestions or insights would be greatly appreciated!

From time to time I see folks run into error 65 when stapling a ticket to their notarised Mac software. This post explains the two common causes of that error. If you have questions or comments, start a new thread here on the forums. Put it in the Code Signing > Notarization topic area so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Resolving Error 65 When Stapling If you directly distribute Mac software, you must sign and notarise your product so that it passes Gatekeeper. For information on how to do this, see: Notarizing macOS software before distribution, if you use Xcode Creating distribution-signed code for macOS, Packaging Mac software for distribution, and Customizing the notarization workflow otherwise The last step of that process is to staple a ticket to your notarised product. This can fail with error 65. There are two common causes of that failure: No appropriate ticket Trust issues The following sections explain how to recognise and resolve these issues. Note You are not absolutely required to staple your product. See The Pros and Cons of Stapling for more on that topic. No Appropriate Ticket Consider the following stapling error: % stapler staple "TestError65.dmg" Processing: /Users/quinn/Desktop/TestError65 2025-03-03 22-12-47/TestError65.dmg CloudKit query for TestError65.dmg (2/d812985247c75e94fd603f026991f96144a031af) failed due to "Record not found". Could not find base64 encoded ticket in response for 2/d812985247c75e94fd603f026991f96144a031af The staple and validate action failed! Error 65. Note the Record not found message. This indicates that the stapling operation failed because there’s no appropriate ticket. To investigate this, look at the notary log: % notarytool-log b53042b6-4cbb-4cef-ade4-dae034a69947 { … "status": "Accepted", … "sha256": "f012735a6d53b17082c088627da4249c9988111d17e7a90c49aa64ebc6bae22e", "ticketContents": [ { "path": "TestError65.dmg/TestError65.app", "digestAlgorithm": "SHA-256", "cdhash": "abc27b0f2daee77b9316de3c6844fbd9e234621c", "arch": "x86_64" }, { "path": "TestError65.dmg/TestError65.app", "digestAlgorithm": "SHA-256", "cdhash": "9627c72e53d44ae77513613e2ce33314bd5ef41e", "arch": "arm64" }, { "path": "TestError65.dmg/TestError65.app/Contents/MacOS/TestError65", "digestAlgorithm": "SHA-256", "cdhash": "abc27b0f2daee77b9316de3c6844fbd9e234621c", "arch": "x86_64" }, { "path": "TestError65.dmg/TestError65.app/Contents/MacOS/TestError65", "digestAlgorithm": "SHA-256", "cdhash": "9627c72e53d44ae77513613e2ce33314bd5ef41e", "arch": "arm64" }, { "path": "TestError65.dmg", "digestAlgorithm": "SHA-256", "cdhash": "01a553c91ee389764971767f5082ab8c7dcece02" } ], "issues": null } First, make sure that the status field is Accepted. If there’s some other value, the notary service didn’t generate a ticket at all! To understand why, look at the rest of the notary log for errors and warnings. Assuming that your notarisation request was successful, look through the log for cdhash values. These represent the contents of the ticket generated by the notary service. Compare that list to the cdhash values of the code being signed: % hdiutil attach "TestError65.dmg" … … /Volumes/Install TestError65 % codesign -d -vvv --arch arm64 "/Volumes/Install TestError65/TestError65.app" … CDHash=9627c72e53d44ae77513613e2ce33314bd5ef41e … % codesign -d -vvv --arch x86_64 "/Volumes/Install TestError65/TestError65.app" … CDHash=abc27b0f2daee77b9316de3c6844fbd9e234621c … Those are all present in the ticket. However, consider the cdhash of the disk image itself: % codesign -d -vvv "TestError65.dmg" … CDHash=d812985247c75e94fd603f026991f96144a031af … That’s the cdhash that stapler is looking for: CloudKit query for TestError65.dmg (2/d812985247c75e94fd603f026991f96144a031af) failed due to "Record not found". But it’s not present in the notarised ticket. Note The term cdhash stands for code directory hash. If you’re curious what that’s about, see TN3126 Inside Code Signing: Hashes and the Notarisation Fundamentals DevForums post. What happened here is: I built the app. I signed it with my Developer ID code-signing identity. I created a disk image from that app. I signed that with my Developer ID code-signing identity. I notarised that. I then re-signed the disk image. This changes the cdhash in the code signature. Now the disk image’s cdhash doesn’t match the cdhash in the ticket, so stapling fails. To resolve this problem, make sure you’re stapling exactly the file that you submitted to the notary service. One good option is to compare the SHA-256 hash of the file you’re working on with the sha256 field in the notary log. Trust Issues Now consider this stapling error: % stapler staple "TestError65.dmg" Processing: /Users/quinn/TestError65.dmg Could not validate ticket for /Users/quinn/TestError65.dmg The staple and validate action failed! Error 65. Note how it’s different from the previous one. Rather than saying that the ticket was not found, it says Could not validate ticket. So, stapler found the ticket for the file and then tried to validate it before doing the staple operation. That validation failed, and thus this error. The most common cause of this problem is folks messing around with trust settings. Consider this: % security dump-trust-settings SecTrustSettingsCopyCertificates: No Trust Settings were found. % security dump-trust-settings -d SecTrustSettingsCopyCertificates: No Trust Settings were found. Contrast it with this: % security dump-trust-settings SecTrustSettingsCopyCertificates: No Trust Settings were found. % security dump-trust-settings -d Number of trusted certs = 1 Cert 0: Apple Root CA - G3 Number of trust settings : 10 … Someone has tweaked the trust settings for the Apple Root CA - G3 anchor. In fact, I used Keychain Access to mark the certificate as Always Trust. You’d think that’d avoid problems, but you’d be wrong. Our code signing machinery expects Apple’s anchor and intermediate certificates to have the default trust settings. IMPORTANT Some trust settings overrides are fine. For example, on my main work Mac there are trust settings overrides for Apple internal anchors. This problem occurs when there are trust settings overrides for Apple’s standard anchor and intermediate certificates. To fix this: In Terminal, run the dump-trust-settings commands shown above and build a list of Apple certificates with trust settings overrides. In Keychain Access, find the first problematic certificate in your list. Note that there may be multiple instances of the certificate in different keychains. If that’s the case, follow these steps for each copy of the certificate. Double click the certificate to open it in a window. If the Trust section is collapsed, expand it. Ensure that all the popups are set to their default values (Use System Defaults for the first, “no value specified” for the rest). If they are, close the window and move on to step 8. If not, set the popups to the default values and close the window. Closing the window may require authentication to save the trust settings. Repeat steps until 2 through 7 for each of the problematic certificates you found in step 1. When you’re done, run the dump-trust-settings commands again to confirm that your changes took effect.

Hello everyone, I’m currently developing an Electron application, and I’m trying to properly sign and notarize it for macOS. The notarization process itself seems to complete successfully—the file is accepted without issues. However, when I attempt to staple the notarization ticket to the executable, I consistently get Error 65 with TheStableAndValidateActionFailed. The issue is puzzling because the executable does not change at any point during the process. After facing this issue multiple times in my own project, I decided to test it on a more controlled setup. I followed the steps from this https://www.youtube.com/watch?v=hYBLfjT57hU and the instructions from this macos-code-signing-example which have previously worked for others. Yet, even with this setup, I still get the same Error 65. Below, I have attached the verbose logs for reference. I’m trying to understand what could be causing this issue—whether it’s related to certificates, the signing process, or something else entirely. Has anyone encountered a similar problem, and if so, how did you resolve it? Any insights would be greatly appreciated!