Could Not Validate Ticket at Stapling Process

I tried going through the entire notarization process using the script I have been using for ages and got to the part where I got the email to say that I can distribute the app. Did the stapling and there is when things went wrong.


Could not validate ticket for MyApp.dmg
The staple and validate action failed! Error 65.


Did all the test listed on https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues?language=objc


and they came out clean with no issue. Even did the 


xcrun altool --notarization-info


and everything seems clean with no reported issue.


Thinking it was something wrong on my end, I resubmitted the app which was successfully stapled yesterday and this time, the stapling failed as above.


Was there something changed or the notarization service is just whacky ?

Up vote post of eddy2099 Down vote post of eddy2099
2.9k views
Posted by
eddy2099
Reply
Add a Comment

Accepted Reply

Quick update: It's automagically working again!

Seems that stapling problems were a temporary problem at Apple.


Yesterday night (about 18:50 UTC), I received a bunch of confirmation emails "You can now distribute your Mac software." from Apple - for bundles which have already been approved before and for bundles which have been stuck at "in progress" for hours. After that stapling worked again :-)

Posted by
aminhh
Up vote reply of aminhh Down vote reply of aminhh
Post marked as solved
Add a Comment

Replies

Not that it helps you - but I'm seeing this too :-(

Posted by
Scotty
Up vote reply of Scotty Down vote reply of Scotty
Add a Comment

I am in the same situation...

Posted by
ccristian
Up vote reply of ccristian Down vote reply of ccristian
Add a Comment

Same problem today: Error 65. Everything worked fine before. Let's submit a bug report to Apple (how?)...

Posted by
aminhh
Up vote reply of aminhh Down vote reply of aminhh
Add a Comment

I suspect it's a pre-WWDC issue that will magically fix itself.

Posted by
Scotty
Up vote reply of Scotty Down vote reply of Scotty
Add a Comment

Still filed a bug report under https://bugreport.apple.com category "Developer Tools". Hope this helps somehow. Work-around for now: what happens if you distribute your software WITHOUT stapling? Gatekeeper should still be able to verify the notarization online, just the offline usage would be hindered?

Posted by
aminhh
Up vote reply of aminhh Down vote reply of aminhh
Add a Comment

My notarization automation failed last night during the stapling step.


Despite a successful notarization (confirmed via e-mail and with altool --notarization-info) I am seeing the follwing from stapler:


The staple and validate action failed! Error 68.


I am using 10.14.4 and XCode 10.1 to staple. This was an issue in 10.13.x that was supposedly fixed in 10.14:


You can resolve a few common stapler issues by upgrading your tools. In particular, if you see 

error -68
on macOS 10.13.x, you can resolve the issue by upgrading to macOS 10.14 or later. Alternatively, run the following command once to clear the Valid cache:

$ sudo killall -9 trustd; sudo rm /Library/Keychains/crls/valid.sqlite3


It sounds like a regression to me. I am waiting for Apple to say something or fix it.


It's also worth mentiong that I can still staple bundles that were notarized yesterday and earlier. Has anyone else tested stapling (or 'exporting' as I believe it's called on the GUI side) previously notarized bundles?

Posted by
hcross@uaudio.com
Up vote reply of hcross@uaudio.com Down vote reply of hcross@uaudio.com
Add a Comment

It's at least reassuring that I'm not the only one seeing this!

Posted by
hcross@uaudio.com
Up vote reply of hcross@uaudio.com Down vote reply of hcross@uaudio.com
Add a Comment

That's correct. If the machine has access to the internet, it should be able to validate (assuming that mechanism is not also broken today)

Posted by
hcross@uaudio.com
Up vote reply of hcross@uaudio.com Down vote reply of hcross@uaudio.com
Add a Comment

>It's also worth mentiong that I can still staple bundles that were notarized yesterday and earlier. Has anyone else tested stapling (or 'exporting' as I believe it's called on the GUI side) previously notarized bundles?


Confirmed: stapling previously notarized bundles still works today.


Another finding:

> That's correct. If the machine has access to the internet, it should be able to validate (assuming that mechanism is not also broken today)


Nope, online mechanism is also broken today. A sucessfully notarized bundle distributed WITHOUT stapling does not show the usual "Notarized by Apple" message on first run anymore.

Posted by
aminhh
Up vote reply of aminhh Down vote reply of aminhh
Add a Comment

Thanks a lot for confirming that. And my QA colleague did also notice the online mechanism is not working consistently. It worked on 10.14.6 beta but failed on 10.14.5 for one machine and then worked for another 10.14.5 machine. Apple's stuff is definitely broken!


Cheers

Posted by
hcross@uaudio.com
Up vote reply of hcross@uaudio.com Down vote reply of hcross@uaudio.com
Add a Comment

Quick update: It's automagically working again!

Seems that stapling problems were a temporary problem at Apple.


Yesterday night (about 18:50 UTC), I received a bunch of confirmation emails "You can now distribute your Mac software." from Apple - for bundles which have already been approved before and for bundles which have been stuck at "in progress" for hours. After that stapling worked again :-)

Posted by
aminhh
Up vote reply of aminhh Down vote reply of aminhh
Post marked as solved
Add a Comment

Thanks. I did received a bunch of emails too and just tested stapling my app and it is working as it should again.


Hopefully it stays that way.

Posted by
eddy2099
Up vote reply of eddy2099 Down vote reply of eddy2099
Add a Comment