Framework notarization: stapler error 73

Hello!


I'm trying to notarize a single framework. The whole process went perfectly well with 'accepted' status at the end.
However when I try to staple my framework stapler ends with "The staple and validate action failed! Error 73."

Verbose flag shows that it's trying to remove nonexisting CoreResources folder:


Could not remove existing ticket from file:***.framework/Contents/CodeResources because an error occurred. Error Domain=NSCocoaErrorDomain Code=4 "“CodeResources” couldn’t be removed." UserInfo={NSUserStringVariant=(
    Remove
), NSFilePath=***.framework/Contents/CodeResources, NSUnderlyingError=0x7fb096934260 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}}


Any idea how to tackle this problem?


PS: 10.15, xcode 11

Thank you!

Replies

Stapling to bundles other than a

.app
can be challenging (r. 54951597). You should definitely file a bug about the problem you’re having here. Please post your bug number, just for the record.

Having said that, why are you trying to staple to a framework? Most folks distribute frameworks are part of a larger package, and thus you’d staple to that outer package. Are you distributing your framework independent? Using a

.zip
?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

@eskimo thanks for such prompt response.

Why framework alone? I'm working on plugins loaded by 3rd party apps - to use native code I need a framework, second of all I would like to have an open option in case of distribution framework alone (so yeah it's a stab in the notarized dark here 🙂).

PS: Can you pls suggest what area of feedback will be the most suitible here? (I mean the very first step in feedback assistant) macOS/Installation-Setup-Migration or Developer Tools/XcodeKit or something else?

-- daniel

Can you pls suggest what area of feedback will be the most suitible here?

For this sort of things its best to start with Developer Tools.

I'm working on plugins loaded by 3rd party apps - to use native code I need a framework

Right, but in that case you should notarise and staple the outermost container (the

.dmg
or the
.pkg
or whatever custom installer you’re using) rather than the framework itself. The ticket you generate by notarising that outermost container will cover any code within the container, and that includes your framework.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,


we do have a similar problem on that. First I do get the same error message. Anyway regarding your answer I will try to sign the whole zip that we are delivering our framework to our customers for macOS applications. We do package also iOS Framework, Windows etc. libraries etc in our zip. How does this affect the stapling process?


In a second case we do also deliver a .unitypackage - which is a somehow special tar format that includes our dynamic library named as a libXXX.bundle for beeing used as a plugin for the creation of mac apps and beeing used in the unity editor. We already deliver it signed. Anyway our customers claim that they have to create a security exception when creating a new project with our library inside. I was already able to notarize the libXXX.bundle file sucessfully. Anyway how would I accomplish stapling the whole archeive before deploying it. Or would I need to rely at least to the fact that the user is connected to the internet for verification?


Thanks and best regards

Anyway regarding your answer I will try to sign the whole zip that we are delivering our framework to our customers for macOS applications.

You can’t sign a zip archive. Nor can you staple a ticket to it. Having said that, if the zip archive doesn’t contain anything that the user executes, signing and notarising it isn’t relevant. The framework will get incorporated into the user’s final app, and it’ll be signed and notarised then.

Still if I were in your shoes I’d probably switch to using disk image for this distribution. It supports signing, notarisation, and stapling, and the resulting ticket will cover all the code on the disk image (meaning, for example, if the disk image happened to contain a pre-built sample app, it’d run without any grief).

In a second case we do also deliver a

.unitypackage

You should escalate this with Unity. I don’t know enough about how Unity works to offer you any meaningful answers.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"