URLs/Ports used by altool (IT Infrastructure)

Hi,


I started some sample notarizations to gather all the user stories and efforts required to notarize all binaries in our Software Releases. I first did this from my private account, and now - after I was granted the proper role in the Enterprise team - also with the account I have from inside the company. Looks good so far, but I assume that the proxy/gateway to the enterprise network is filtering some URLs or Ports used by altool for submitting binaries (I assume altool is also used from Xcode - behavior is similar in Xcode).

I actually need to do the notarization as part of CI/CD on a build agent - so I have to use the command line tools.


So I need to prepare a service ticket for the IT department to adjust the proxy/gateway to enable these connections used by altool. Knowing about them will ease their work a lot, which makes it much more likely that they will do this work in a reasonable timeframe.


Can anyone list the URLs and Ports used by altool for --validation, --notarize-app, --notarization-history, --notarization-info?

Will the JSON Logfile, referenced by the --notarization-info results, always be located in a realm that allows setting up "simple" Proxy/Gateway use?


Thanks in advance - you will ease my fights with our IT guys.


SSB

Replies

Is there really no one at Apple who can tell which URLs and Ports are used by altool for notarizing an application?


So far I was able to use all phases of notary processing using altool except uploading a file and submitting it to the notary service. Getting the notarization history and also the notarization info now works by using a less restrictive proxy.


Our IT department does not want to create an exception rule for the proxies that covers all *.itunes.apple.com URLs - and file submission may even use a completely different URL for uploading the data (maybe negotiated during the processing). Actually we are dedicated to giving end users the best experience also on the security side, while IT needs to protect the internal company network.


In the long run we need to automate the processing, as we have some files automatically generated on build agents that may require Notarization - so we can't do that manually.

Is there really no one at Apple who can tell which URLs and Ports are used by altool for notarizing an application?

No, it’s just that DevForums is an informal support channel, and there’s no one here that knows the answer to this off the top of their head.

If this is important to you, and it sounds like that’s the case, you should request formal support by opening a DTS tech support incident.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

We are preparing an update to the notary guide with this info. Keep an eye out here: https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution?language=objc

It has been almost three months since this reply was posted. Is there any progress?

I also have a very similar problem, so please update this guide asap.

Is there any progress?

Check out the Ensure Your Build Server Has Network Access section of Customizing the Notarization Workflow.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"