xcrun stapler staple error

Hi,


I'm gettng the below error when i try to staple app .



Could not validate ticket for <path of app>

The staple and validate action failed! Error 65.


But i got confirmation mail from Apple saying that "Your Mac software has been notarized. You can now export this software and distribute it directly to users."


When i try to staple it, it throws Error 65. What should be the problem and how do i resolve this issue?

Replies

As a first step, add the

-v
option and see if that shows up anything of note:
$ stapler staple -v /path/to/your/item

If you can’t work it out from there, post the Terminal transcript here and I’ll take a look.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm seeing the below error when i run stapler staple -v <path of app>

I’m seeing the following response.

stapler staple -v "" Processing: Properties are { NSURLIsDirectoryKey = 1; NSURLIsPackageKey = 1; NSURLIsSymbolicLinkKey = 0; NSURLLocalizedTypeDescriptionKey = Application; NSURLTypeIdentifierKey = "com.apple.application-bundle"; "_NSURLIsApplicationKey" = 1; } Props are { cdhash = ; digestAlgorithm = 2; flags = 65536; secureTimestamp = "2019-07-24 12:16:31 +0000"; signingId = ""; teamId = HGLC38RWEJ; } JSON Data is { records = ( { recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf"; } ); } Headers: { "Content-Type" = "application/json"; } Domain is api.apple-cloudkit.com Response is { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers { "Apple-Originating-System" = ( UnknownOriginatingSystem ); Connection = ( "keep-alive" ); "Content-Encoding" = ( gzip );

I'm getting the following JSON response: Size of data is 3349 JSON Response is: { records = ( { created = { deviceID = 2; timestamp = 1563970910519; userRecordName = "_d28c74d190a3782e89496b0a13437fef"; }; deleted = 0; fields = { signedTicket = { type = BYTES; value = "czhjaAEAAADvBQAAvAEAADCCBeswggL9MIICpKADAgECAghyVR35ZD6UaDAKBggqhkjOPQQDAjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTME"; }; }; modified = { deviceID = 2; timestamp = 1563970910519; userRecordName = "_d28c74d190a3782e89496b0a13437fef"; }; pluginFields = { }; recordChangeTag = jyh7wdv7; recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf"; recordType = DeveloperIDTicket; } ); }

First things first, here’s a copy of the output formatted to make it more readable:

Processing: /Users/majumadhusudanan/Documents/GitHub/work-desktop-mac/Export/iManage Agent.app
Properties are {
    NSURLIsDirectoryKey = 1;
    NSURLIsPackageKey = 1;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = Application;
    NSURLTypeIdentifierKey = "com.apple.application-bundle";
    "_NSURLIsApplicationKey" = 1;
}
Props are {
    cdhash = <3caafbc6 0ce092a5 d12fe1e1 43efb110 b7ae7baf>;
    digestAlgorithm = 2;
    flags = 65536;
    secureTimestamp = "2019-07-24 12:16:31 +0000";
    signingId = "com.imanage.workagent";
    teamId = HGLC38RWEJ;
}
JSON Data is {
    records =     (
                {
            recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf";
        }
    );
}
 Headers: {
    "Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x7fb86e101730> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
    "Apple-Originating-System" =     (
        UnknownOriginatingSystem
    );
    Connection =     (
        "keep-alive"
    );
    "Content-Encoding" =     (
        gzip
    );
    "Content-Type" =     (
        "application/json; charset=UTF-8"
    );
    Date =     (
        "Wed, 24 Jul 2019 12:48:22 GMT"
    );
    Server =     (
        "AppleHttpServer/f86386b8"
    );
    "Strict-Transport-Security" =     (
        "max-age=31536000; includeSubDomains;"
    );
    "Transfer-Encoding" =     (
        Identity
    );
    Via =     (
        "xrail:st13p00ic-zteu25223801.me.com:8301:19B68:grp60",
        "icloudedge:bm21p00ic-hygw01040401:7401:19RC255:…"
    );
    "X-Apple-CloudKit-Version" =     (
        "1.0"
    );
    "X-Apple-Request-UUID" =     (
        "5e44bc10-6f96-4670-8fb8-e4b9425c962d"
    );
    "X-Responding-Instance" =     (
        "ckdatabasews:16302101:st42p63ic-ztfb17170701:8201:1912B424:7247c61d51f2"
    );
    "access-control-expose-headers" =     (
        "X-Apple-Request-UUID, X-Responding-Instance",
        Via
    );
    "apple-seq" =     (
        0
    );
    "apple-tk" =     (
        false
    );
} }
Size of data is 3349
JSON Response is: {
    records =     (
                {
            created =             {
                deviceID = 2;
                timestamp = 1563970910519;
                userRecordName = "_d28c74d190a3782e89496b0a13437fef";
            };
            deleted = 0;
            fields =             {
                signedTicket =                 {
                    type = BYTES;
                    value = "…";
                };
            };
            modified =             {
                deviceID = 2;
                timestamp = 1563970910519;
                userRecordName = "_d28c74d190a3782e89496b0a13437fef";
            };
            pluginFields =             {
            };
            recordChangeTag = jyh7wdv7;
            recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf";
            recordType = DeveloperIDTicket;
        }
    );
}
Downloaded ticket has been stored at file:///var/folders/l5/vbhk7bfs3vn758tg0328wd_w0000gn/T/5e44bc10-6f96-4670-8fb8-e4b9425c962d.ticket.
Could not validate ticket for /Users/majumadhusudanan/Documents/GitHub/work-desktop-mac/Export/iManage Agent.app
The staple and validate action failed! Error 65.

I can’t see any obvious cause of this problem. I’m going to dig into it some more to see if I can uncover something.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Actually, one more thing. When you notarised your app, what was the request UUID you got back from the notarisation system?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

92cd8328-97fb-4d0f-b002-8869da7a32f3

I was able to successfully staple 92cd8328-97fb-4d0f-b002-8869da7a32f3.


These lines indicate the ticket was successfully downloaded, but the downloaded ticket did not have the expected information.


Downloaded ticket has been stored at file:///var/folders/l5/vbhk7bfs3vn758tg0328wd_w0000gn/T/5e44bc10-6f96-4670-8fb8-e4b9425c962d.ticket. 
Could not validate ticket for /Users/majumadhusudanan/Documents/GitHub/work-desktop-mac/Export/iManage Agent.app 
The staple and validate action failed! Error 65.

What version of Xcode are you using? Does `xcrun stapler stapler "iManage Agent.app"` result in a successful stapling.


Finally, does stapling work for you on any previous UUIDs you've submitted for the same project?

Yes. I was able to notarize same apps earlier multiple times. now i have 10.3 xcode installed on macbook. you can check --notarization-history I'm facing 2 issues here: 1. If I try to notarize apps using Xcode organizer window, then it successfully notarize the app with an acknowledgment mail. but 'export notarized app' button is greyed out. Earlier this was getting enabled after successful notarization. 2. xcrun stapler staple - throws 'The staple and validate action failed! Error 65. " This was working earlier without any issue.

Last login: Mon Jul 29 09:55:50 on ttys000 Please find the below history. It shows package approved status for all uploads. But at the same time when i try to staple it using xcrun stapler, it throws 'error - 65'. Also 'Export notarized button' in Xcode organizer window is disabled. How do I resolve this issue? Notarization History - page 0 Date RequestUUID Status Status Code Status Message ------------------------- ------------------------------------ ----------- ----------- ---------------- 2019-07-29 04:31:13 +0000 3fe4f299-a4dc-4926-a590-313d6528b5fa in progress 2019-07-28 14:56:30 +0000 8bc59959-d1ef-4b91-aecd-389f7b452628 success 0 Package Approved 2019-07-26 03:48:55 +0000 d48e1dec-1f39-4d7f-a538-1c4a31fafcf1 success 0 Package Approved 2019-07-24 12:20:45 +0000 92cd8328-97fb-4d0f-b002-8869da7a32f3 success 0 Package Approved 2019-07-24 10:07:03 +0000 7dff3609-98ee-463f-9791-cc4a60258b17 success 0 Package Approved 2019-07-24 05:29:47 +0000 0947a0c6-e569-471f-9d20-988a40083b0e success 0 Package Approved 2019-07-23 16:22:59 +0000 4247eaeb-536d-4766-89e9-8e28886d41c5 success 0 Package Approved 2019-07-23 15:56:14 +0000 2cad041f-6aaa-4dd4-a1e0-13e09f18285f success 0 Package Approved 2019-07-23 15:26:22 +0000 1ad11043-e40b-4ab5-9024-cacfeb328041 success 0 Package Approved 2019-07-23 11:47:21 +0000 4f9aa56e-dfe8-440c-b30d-55889457f99d success 0 Package Approved 2019-07-22 15:33:44 +0000 a0aac965-0541-40d3-a060-bbafb978a74f success 0 Package Approved 2019-07-22 15:28:38 +0000 26081297-87c3-4cff-a307-6596ef048c5e success 0 Package Approved 2019-07-22 15:25:18 +0000 249be62d-86a4-4fd4-891b-390018a5d720 success 0 Package Approved 2019-07-22 15:20:05 +0000 f40f07ee-dae3-42c6-bae6-21dfde01625e success 0 Package Approved 2019-07-22 14:47:11 +0000 5a04db3e-bb95-4303-9188-1507cca74b16 success 0 Package Approved 2019-07-22 14:40:32 +0000 8d7c4098-790d-4a1d-8488-30ed18f36603 success 0 Package Approved 2019-07-22 14:36:01 +0000 9a427f38-4421-4b2f-8033-9e62281b760b success 0 Package Approved 2019-07-22 13:57:23 +0000 7e2986b0-18a6-4797-93a1-bebd0ad62086 success 0 Package Approved 2019-07-20 06:23:11 +0000 7fbbeff4-9195-4afc-9afa-4e7ea251ae3a invalid 2 Package Invalid 2019-07-20 04:56:06 +0000 b8597440-0926-4655-8de2-30bfc2a7c5f2 invalid 2 Package Invalid 2019-07-19 06:05:53 +0000 a61149e1-60f5-4743-a1cb-0bd8fa7b6303 invalid 2 Package Invalid 2019-07-19 04:34:08 +0000 49d69a0f-2abc-44d3-83e0-3733264ab21c invalid 2 Package Invalid 2019-07-18 17:12:55 +0000 fc0b7724-96af-4733-ad48-eac94b3fab4a invalid 2 Package Invalid 2019-07-18 17:02:51 +0000 fb76d5ad-850e-4c4d-a608-96bc9945293a invalid 2 Package Invalid 2019-07-18 16:53:44 +0000 71e82848-9d69-421b-81b6-0d71abb13cf9 invalid 2 Package Invalid 2019-07-18 16:45:33 +0000 b82bbf7d-a989-4722-8572-bdac48e7e744 invalid 2 Package Invalid 2019-07-17 13:22:18 +0000 a57dca95-43c0-444f-a215-f9e1fd49e35c invalid 2 Package Invalid 2019-07-17 11:35:42 +0000 ecfe2a86-354d-483e-816c-71cd75ea23ec invalid 2 Package Invalid 2019-07-17 10:50:35 +0000 a20b7f0b-4af8-468e-85ab-135f518cc4e2 invalid 2 Package Invalid 2019-07-17 10:18:09 +0000 af1c0a28-b4f4-46b2-b740-ba1a97470820 invalid 2 Package Invalid 2019-07-17 09:55:12 +0000 0ef8630e-cdc2-445b-aabf-0ef47c000f88 invalid 2 Package Invalid 2019-07-17 05:15:26 +0000 55f806a8-9a9e-45be-aa9d-48d2ca41588a invalid 2 Package Invalid

It would help if you could format your log output as a code block (create one using the

<>
button). That would make it much easier to read.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
Notarization History - page 0

Date                      RequestUUID                          Status  Status Code Status Message   
------------------------- ------------------------------------ ------- ----------- ---------------- 
2019-07-29 08:38:44 +0000 4281a52b-2dcc-42d0-bb8f-60274a33ab2a success 0           Package Approved 
2019-07-29 07:40:11 +0000 0f483a52-90c1-4219-bc6c-d5db5c4b45fd success 0           Package Approved 
2019-07-29 06:58:37 +0000 db00d97b-03e0-43fc-84ff-6f7ebcb07305 success 0           Package Approved 
2019-07-29 06:30:39 +0000 10aba20d-77d7-443c-a5e9-8d5e87a99c70 success 0           Package Approved 
2019-07-29 06:14:29 +0000 a677baea-09f4-4800-8e6c-165cc948849a success 0           Package Approved 
2019-07-29 05:46:54 +0000 563516b6-c7e2-453b-8fd2-28cdc63a3c5d success 0           Package Approved 
2019-07-29 04:31:13 +0000 3fe4f299-a4dc-4926-a590-313d6528b5fa invalid 2           Package Invalid  
2019-07-28 14:56:30 +0000 8bc59959-d1ef-4b91-aecd-389f7b452628 success 0           Package Approved 
2019-07-26 03:48:55 +0000 d48e1dec-1f39-4d7f-a538-1c4a31fafcf1 success 0           Package Approved 
2019-07-24 12:20:45 +0000 92cd8328-97fb-4d0f-b002-8869da7a32f3 success 0           Package Approved 
2019-07-24 10:07:03 +0000 7dff3609-98ee-463f-9791-cc4a60258b17 success 0           Package Approved 
2019-07-24 05:29:47 +0000 0947a0c6-e569-471f-9d20-988a40083b0e success 0           Package Approved 
2019-07-23 16:22:59 +0000 4247eaeb-536d-4766-89e9-8e28886d41c5 success 0           Package Approved 
2019-07-23 15:56:14 +0000 2cad041f-6aaa-4dd4-a1e0-13e09f18285f success 0           Package Approved 
2019-07-23 15:26:22 +0000 1ad11043-e40b-4ab5-9024-cacfeb328041 success 0           Package Approved 
2019-07-23 11:47:21 +0000 4f9aa56e-dfe8-440c-b30d-55889457f99d success 0           Package Approved 
2019-07-22 15:33:44 +0000 a0aac965-0541-40d3-a060-bbafb978a74f success 0           Package Approved 
2019-07-22 15:28:38 +0000 26081297-87c3-4cff-a307-6596ef048c5e success 0           Package Approved 
2019-07-22 15:25:18 +0000 249be62d-86a4-4fd4-891b-390018a5d720 success 0           Package Approved 
2019-07-22 15:20:05 +0000 f40f07ee-dae3-42c6-bae6-21dfde01625e success 0           Package Approved 
2019-07-22 14:47:11 +0000 5a04db3e-bb95-4303-9188-1507cca74b16 success 0           Package Approved 
2019-07-22 14:40:32 +0000 8d7c4098-790d-4a1d-8488-30ed18f36603 success 0           Package Approved 
2019-07-22 14:36:01 +0000 9a427f38-4421-4b2f-8033-9e62281b760b success 0           Package Approved 
2019-07-22 13:57:23 +0000 7e2986b0-18a6-4797-93a1-bebd0ad62086 success 0           Package Approved

I worked this issue with maju via other channels, and we eventually figured out what’s going wrong:

  1. stapler
    is able to download the correct ticket.
  2. Before stapling the ticket, it attempts to validate it.

  3. This involves two steps:

    • Checking the tickets digital signature

    • Performing trust evaluation on the certificate chain in the ticket

    It’s this second step that fails.

  4. Trust evaluation fails because the ticket validation code is particularly paranoid, and thus calls

    SecTrustEvaluate
    and verifies that the result is
    .unspecified
    . However, on the specific machine causing maju problems, the result is
    .proceed
    .

    Note The difference between

    .unspecified
    and
    .proceed
    is a subtle one. The former means that trust evaluation worked without any special affordances. The latter means that trust evaluation worked because the user overrode some trust settings.
  5. The reason for that is that someone has customised trust settings on the root certificate that anchors this chain of trust (in this case “Apple Root CA - G3”). You can see these trust setting overrides by opening the certificate in Keychain Access, disclosing the Trust section, and looking at the various popups. The first popup should be set to “Use System Defaults” and all the other popups set to “no value specified”. If they’re not, someone has customised the certificate’s trust settings.

Once maju removed these trust settings customisations,

stapler
worked as expected.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
  • @eskimo: I checked and my Developer ID Installer trust settings were set as you suggested. I was unable to staple using xcrun even though the .pkg was notarized.

Add a Comment

@eskimo Thanks for detailed solution. I helps me to fix the **The staple and validate action failed! Error 65 ** which is diving me crazy since from weeks.

After changing the trust settings for certificate 'Apple Root CA G3' to the issue got resolved and My installer got successfully stapled.

Finally my package installer is ready for distribution.

  • I checked and my Developer ID Installer trust settings were set as you suggested. I was unable to staple using xcrun even though the .pkg was notarized.

Add a Comment

I was unable to staple using xcrun

It’s probably best to start a new thread for this. This thread already has way too much history.

On the front:

  • Tag your thread with Notarization so that I see it.

  • Feel free to reference this thread.

  • Run stapler with the -v flag to get verbose output, and include that output as a text attachment (click the paperclip icon).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"