      Latest reply on Mar 27, 2019 5:09 PM by haikeeba
      ssbmaccom3



        I started some sample notarizations to gather all the user stories and efforts required to notarize all binaries in our software releases. I first did this from my private account, and now, after I was granted the proper role in the Enterprise team, also with the account I have from inside the company. It looks good so far, but I assume that the proxy/gateway to the enterprise network is filtering some URLs or ports used by altool for submitting binaries (I assume altool is also used from Xcode; the behavior is similar in Xcode).

        I actually need to do the notarization as part of CI/CD on a build agent, so I have to use the command line tools.


        So I need to prepare a service ticket for the IT department to adjust the proxy/gateway to enable the connections used by altool. Knowing about them will ease their work a lot, which makes it much more likely that they will do this work in a reasonable timeframe.


        Can anyone list the URLs and ports used by altool for --validation, --notarize-app, --notarization-history, --notarization-info?

        Will the JSON log file referenced by the --notarization-info results always be located in a realm that allows setting up "simple" proxy/gateway use?


        Thanks in advance - you will ease my fights with our IT guys.



        • Re: URLs/Ports used by altool (IT Infrastructure)
          ssbmaccom3

          Is there really no one at Apple who can tell which URLs and ports are used by altool for notarizing an application?


          So far I was able to use all phases of notary processing using altool except uploading a file and submitting it to the notary service. Getting the notarization history and the notarization info now works by using a less restrictive proxy.


          Our IT department does not want to create an exception rule for the proxies that covers all *.itunes.apple.com URLs, and file submission may even use a completely different URL for uploading the data (maybe negotiated during the processing). Actually we are dedicated to giving end users the best experience also on the security side, while IT needs to protect the internal company network.


          In the long run we need to automate the processing, as we have some files automatically generated on build agents that may require notarization, so we can't do that manually.