13 Replies
      Latest reply on Aug 9, 2019 9:33 AM by eskimo
      maju Level 1 Level 1 (0 points)

        Hi,

         

        I'm gettng the below error when i try to staple app .

         

         

        Could not validate ticket for <path of app>

        The staple and validate action failed! Error 65.

         

        But i got confirmation mail from Apple saying that "Your Mac software has been notarized. You can now export this software and distribute it directly to users."

         

        When i try to staple it, it throws Error 65. What should be the problem and how do i resolve this issue?

        • Re: xcrun stapler staple error
          eskimo Apple Staff Apple Staff (12,425 points)

          As a first step, add the -v option and see if that shows up anything of note:

          $ stapler staple -v /path/to/your/item

          If you can’t work it out from there, post the Terminal transcript here and I’ll take a look.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: xcrun stapler staple error
              maju Level 1 Level 1 (0 points)

              I'm seeing the below error when i run stapler staple -v <path of app>

              • Re: xcrun stapler staple error
                maju Level 1 Level 1 (0 points)

                I’m seeing the following response.

                stapler staple -v "" Processing: Properties are {     NSURLIsDirectoryKey = 1;     NSURLIsPackageKey = 1;     NSURLIsSymbolicLinkKey = 0;     NSURLLocalizedTypeDescriptionKey = Application;     NSURLTypeIdentifierKey = "com.apple.application-bundle";     "_NSURLIsApplicationKey" = 1; } Props are {     cdhash = ;     digestAlgorithm = 2;     flags = 65536;     secureTimestamp = "2019-07-24 12:16:31 +0000";     signingId = "";     teamId = HGLC38RWEJ; } JSON Data is {     records =    (                 {             recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf";         }     ); } Headers: {     "Content-Type" = "application/json"; } Domain is api.apple-cloudkit.com Response is { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {     "Apple-Originating-System" =    (         UnknownOriginatingSystem     );     Connection =    (         "keep-alive"     );     "Content-Encoding" =    (         gzip     );

                • Re: xcrun stapler staple error
                  maju Level 1 Level 1 (0 points)

                  I'm getting the following JSON response: Size of data is 3349 JSON Response is: {     records =    (                 {             created =            {                 deviceID = 2;                 timestamp = 1563970910519;                 userRecordName = "_d28c74d190a3782e89496b0a13437fef";             };             deleted = 0;             fields =            {                 signedTicket =                {                     type = BYTES;                     value = "czhjaAEAAADvBQAAvAEAADCCBeswggL9MIICpKADAgECAghyVR35ZD6UaDAKBggqhkjOPQQDAjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTME";                 };             };             modified =            {                 deviceID = 2;                 timestamp = 1563970910519;                 userRecordName = "_d28c74d190a3782e89496b0a13437fef";             };             pluginFields =            {             };             recordChangeTag = jyh7wdv7;             recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf";             recordType = DeveloperIDTicket;         }     ); }

                • Re: xcrun stapler staple error
                  eskimo Apple Staff Apple Staff (12,425 points)

                  First things first, here’s a copy of the output formatted to make it more readable:

                  Processing: /Users/majumadhusudanan/Documents/GitHub/work-desktop-mac/Export/iManage Agent.app
                  Properties are {
                      NSURLIsDirectoryKey = 1;
                      NSURLIsPackageKey = 1;
                      NSURLIsSymbolicLinkKey = 0;
                      NSURLLocalizedTypeDescriptionKey = Application;
                      NSURLTypeIdentifierKey = "com.apple.application-bundle";
                      "_NSURLIsApplicationKey" = 1;
                  }
                  Props are {
                      cdhash = <3caafbc6 0ce092a5 d12fe1e1 43efb110 b7ae7baf>;
                      digestAlgorithm = 2;
                      flags = 65536;
                      secureTimestamp = "2019-07-24 12:16:31 +0000";
                      signingId = "com.imanage.workagent";
                      teamId = HGLC38RWEJ;
                  }
                  JSON Data is {
                      records =     (
                                  {
                              recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf";
                          }
                      );
                  }
                   Headers: {
                      "Content-Type" = "application/json";
                  }
                  Domain is api.apple-cloudkit.com
                  Response is <NSHTTPURLResponse: 0x7fb86e101730> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
                      "Apple-Originating-System" =     (
                          UnknownOriginatingSystem
                      );
                      Connection =     (
                          "keep-alive"
                      );
                      "Content-Encoding" =     (
                          gzip
                      );
                      "Content-Type" =     (
                          "application/json; charset=UTF-8"
                      );
                      Date =     (
                          "Wed, 24 Jul 2019 12:48:22 GMT"
                      );
                      Server =     (
                          "AppleHttpServer/f86386b8"
                      );
                      "Strict-Transport-Security" =     (
                          "max-age=31536000; includeSubDomains;"
                      );
                      "Transfer-Encoding" =     (
                          Identity
                      );
                      Via =     (
                          "xrail:st13p00ic-zteu25223801.me.com:8301:19B68:grp60",
                          "icloudedge:bm21p00ic-hygw01040401:7401:19RC255:…"
                      );
                      "X-Apple-CloudKit-Version" =     (
                          "1.0"
                      );
                      "X-Apple-Request-UUID" =     (
                          "5e44bc10-6f96-4670-8fb8-e4b9425c962d"
                      );
                      "X-Responding-Instance" =     (
                          "ckdatabasews:16302101:st42p63ic-ztfb17170701:8201:1912B424:7247c61d51f2"
                      );
                      "access-control-expose-headers" =     (
                          "X-Apple-Request-UUID, X-Responding-Instance",
                          Via
                      );
                      "apple-seq" =     (
                          0
                      );
                      "apple-tk" =     (
                          false
                      );
                  } }
                  Size of data is 3349
                  JSON Response is: {
                      records =     (
                                  {
                              created =             {
                                  deviceID = 2;
                                  timestamp = 1563970910519;
                                  userRecordName = "_d28c74d190a3782e89496b0a13437fef";
                              };
                              deleted = 0;
                              fields =             {
                                  signedTicket =                 {
                                      type = BYTES;
                                      value = "…";
                                  };
                              };
                              modified =             {
                                  deviceID = 2;
                                  timestamp = 1563970910519;
                                  userRecordName = "_d28c74d190a3782e89496b0a13437fef";
                              };
                              pluginFields =             {
                              };
                              recordChangeTag = jyh7wdv7;
                              recordName = "2/2/3caafbc60ce092a5d12fe1e143efb110b7ae7baf";
                              recordType = DeveloperIDTicket;
                          }
                      );
                  }
                  Downloaded ticket has been stored at file:///var/folders/l5/vbhk7bfs3vn758tg0328wd_w0000gn/T/5e44bc10-6f96-4670-8fb8-e4b9425c962d.ticket.
                  Could not validate ticket for /Users/majumadhusudanan/Documents/GitHub/work-desktop-mac/Export/iManage Agent.app
                  The staple and validate action failed! Error 65.

                  I can’t see any obvious cause of this problem.  I’m going to dig into it some more to see if I can uncover something.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                  • Re: xcrun stapler staple error
                    eskimo Apple Staff Apple Staff (12,425 points)

                    Actually, one more thing.  When you notarised your app, what was the request UUID you got back from the notarisation system?

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"

                      • Re: xcrun stapler staple error
                        maju Level 1 Level 1 (0 points)

                        92cd8328-97fb-4d0f-b002-8869da7a32f3

                          • Re: xcrun stapler staple error
                            Setag Apple Staff Apple Staff (0 points)

                            I was able to successfully staple 92cd8328-97fb-4d0f-b002-8869da7a32f3.

                             

                            These lines indicate the ticket was successfully downloaded, but the downloaded ticket did not have the expected information.

                             

                            Downloaded ticket has been stored at file:///var/folders/l5/vbhk7bfs3vn758tg0328wd_w0000gn/T/5e44bc10-6f96-4670-8fb8-e4b9425c962d.ticket. 
                            Could not validate ticket for /Users/majumadhusudanan/Documents/GitHub/work-desktop-mac/Export/iManage Agent.app 
                            The staple and validate action failed! Error 65. 
                            
                            
                            

                            What version of Xcode are you using? Does `xcrun stapler stapler "iManage Agent.app"` result in a successful stapling.

                             

                            Finally, does stapling work for you on any previous UUIDs you've submitted for the same project?

                              • Re: xcrun stapler staple error
                                maju Level 1 Level 1 (0 points)

                                Yes. I was able to notarize same apps earlier multiple times. now i have 10.3 xcode installed on macbook.  you can check --notarization-history I'm facing 2 issues here: 1. If I try to notarize apps using Xcode organizer window, then it successfully notarize the app with an acknowledgment mail. but 'export notarized app' button is greyed out. Earlier this was getting enabled after successful notarization. 2. xcrun stapler staple - throws 'The staple and validate action failed! Error 65. " This was working earlier without any issue.

                                  • Re: xcrun stapler staple error
                                    maju Level 1 Level 1 (0 points)

                                    Last login: Mon Jul 29 09:55:50 on ttys000 Please find the below history. It shows package approved status for all uploads. But at the same time when i try to staple it using xcrun stapler, it throws 'error - 65'. Also 'Export notarized button' in Xcode organizer window is disabled. How do I resolve this issue? Notarization History - page 0 Date                      RequestUUID                          Status      Status Code Status Message  ------------------------- ------------------------------------ ----------- ----------- ---------------- 2019-07-29 04:31:13 +0000 3fe4f299-a4dc-4926-a590-313d6528b5fa in progress                              2019-07-28 14:56:30 +0000 8bc59959-d1ef-4b91-aecd-389f7b452628 success    0          Package Approved 2019-07-26 03:48:55 +0000 d48e1dec-1f39-4d7f-a538-1c4a31fafcf1 success    0          Package Approved 2019-07-24 12:20:45 +0000 92cd8328-97fb-4d0f-b002-8869da7a32f3 success    0          Package Approved 2019-07-24 10:07:03 +0000 7dff3609-98ee-463f-9791-cc4a60258b17 success    0          Package Approved 2019-07-24 05:29:47 +0000 0947a0c6-e569-471f-9d20-988a40083b0e success    0          Package Approved 2019-07-23 16:22:59 +0000 4247eaeb-536d-4766-89e9-8e28886d41c5 success    0          Package Approved 2019-07-23 15:56:14 +0000 2cad041f-6aaa-4dd4-a1e0-13e09f18285f success    0          Package Approved 2019-07-23 15:26:22 +0000 1ad11043-e40b-4ab5-9024-cacfeb328041 success    0          Package Approved 2019-07-23 11:47:21 +0000 4f9aa56e-dfe8-440c-b30d-55889457f99d success    0          Package Approved 2019-07-22 15:33:44 +0000 a0aac965-0541-40d3-a060-bbafb978a74f success    0          Package Approved 2019-07-22 15:28:38 +0000 26081297-87c3-4cff-a307-6596ef048c5e success    0          Package Approved 2019-07-22 15:25:18 +0000 249be62d-86a4-4fd4-891b-390018a5d720 success    0          Package Approved 2019-07-22 15:20:05 +0000 f40f07ee-dae3-42c6-bae6-21dfde01625e success    0          Package Approved 2019-07-22 14:47:11 +0000 5a04db3e-bb95-4303-9188-1507cca74b16 success    0          Package Approved 2019-07-22 14:40:32 +0000 8d7c4098-790d-4a1d-8488-30ed18f36603 success    0          Package Approved 2019-07-22 14:36:01 +0000 9a427f38-4421-4b2f-8033-9e62281b760b success    0          Package Approved 2019-07-22 13:57:23 +0000 7e2986b0-18a6-4797-93a1-bebd0ad62086 success    0          Package Approved 2019-07-20 06:23:11 +0000 7fbbeff4-9195-4afc-9afa-4e7ea251ae3a invalid    2          Package Invalid  2019-07-20 04:56:06 +0000 b8597440-0926-4655-8de2-30bfc2a7c5f2 invalid    2          Package Invalid  2019-07-19 06:05:53 +0000 a61149e1-60f5-4743-a1cb-0bd8fa7b6303 invalid    2          Package Invalid  2019-07-19 04:34:08 +0000 49d69a0f-2abc-44d3-83e0-3733264ab21c invalid    2          Package Invalid  2019-07-18 17:12:55 +0000 fc0b7724-96af-4733-ad48-eac94b3fab4a invalid    2          Package Invalid  2019-07-18 17:02:51 +0000 fb76d5ad-850e-4c4d-a608-96bc9945293a invalid    2          Package Invalid  2019-07-18 16:53:44 +0000 71e82848-9d69-421b-81b6-0d71abb13cf9 invalid    2          Package Invalid  2019-07-18 16:45:33 +0000 b82bbf7d-a989-4722-8572-bdac48e7e744 invalid    2          Package Invalid  2019-07-17 13:22:18 +0000 a57dca95-43c0-444f-a215-f9e1fd49e35c invalid    2          Package Invalid  2019-07-17 11:35:42 +0000 ecfe2a86-354d-483e-816c-71cd75ea23ec invalid    2          Package Invalid  2019-07-17 10:50:35 +0000 a20b7f0b-4af8-468e-85ab-135f518cc4e2 invalid    2          Package Invalid  2019-07-17 10:18:09 +0000 af1c0a28-b4f4-46b2-b740-ba1a97470820 invalid    2          Package Invalid  2019-07-17 09:55:12 +0000 0ef8630e-cdc2-445b-aabf-0ef47c000f88 invalid    2          Package Invalid  2019-07-17 05:15:26 +0000 55f806a8-9a9e-45be-aa9d-48d2ca41588a invalid    2          Package Invalid 

                                      • Re: xcrun stapler staple error
                                        eskimo Apple Staff Apple Staff (12,425 points)

                                        It would help if you could format your log output as a code block (create one using the <> button).  That would make it much easier to read.

                                        Share and Enjoy

                                        Quinn “The Eskimo!”
                                        Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                        let myEmail = "eskimo" + "1" + "@apple.com"

                                          • Re: xcrun stapler staple error
                                            maju Level 1 Level 1 (0 points)
                                            Notarization History - page 0
                                            
                                            Date                      RequestUUID                          Status  Status Code Status Message   
                                            ------------------------- ------------------------------------ ------- ----------- ---------------- 
                                            2019-07-29 08:38:44 +0000 4281a52b-2dcc-42d0-bb8f-60274a33ab2a success 0           Package Approved 
                                            2019-07-29 07:40:11 +0000 0f483a52-90c1-4219-bc6c-d5db5c4b45fd success 0           Package Approved 
                                            2019-07-29 06:58:37 +0000 db00d97b-03e0-43fc-84ff-6f7ebcb07305 success 0           Package Approved 
                                            2019-07-29 06:30:39 +0000 10aba20d-77d7-443c-a5e9-8d5e87a99c70 success 0           Package Approved 
                                            2019-07-29 06:14:29 +0000 a677baea-09f4-4800-8e6c-165cc948849a success 0           Package Approved 
                                            2019-07-29 05:46:54 +0000 563516b6-c7e2-453b-8fd2-28cdc63a3c5d success 0           Package Approved 
                                            2019-07-29 04:31:13 +0000 3fe4f299-a4dc-4926-a590-313d6528b5fa invalid 2           Package Invalid  
                                            2019-07-28 14:56:30 +0000 8bc59959-d1ef-4b91-aecd-389f7b452628 success 0           Package Approved 
                                            2019-07-26 03:48:55 +0000 d48e1dec-1f39-4d7f-a538-1c4a31fafcf1 success 0           Package Approved 
                                            2019-07-24 12:20:45 +0000 92cd8328-97fb-4d0f-b002-8869da7a32f3 success 0           Package Approved 
                                            2019-07-24 10:07:03 +0000 7dff3609-98ee-463f-9791-cc4a60258b17 success 0           Package Approved 
                                            2019-07-24 05:29:47 +0000 0947a0c6-e569-471f-9d20-988a40083b0e success 0           Package Approved 
                                            2019-07-23 16:22:59 +0000 4247eaeb-536d-4766-89e9-8e28886d41c5 success 0           Package Approved 
                                            2019-07-23 15:56:14 +0000 2cad041f-6aaa-4dd4-a1e0-13e09f18285f success 0           Package Approved 
                                            2019-07-23 15:26:22 +0000 1ad11043-e40b-4ab5-9024-cacfeb328041 success 0           Package Approved 
                                            2019-07-23 11:47:21 +0000 4f9aa56e-dfe8-440c-b30d-55889457f99d success 0           Package Approved 
                                            2019-07-22 15:33:44 +0000 a0aac965-0541-40d3-a060-bbafb978a74f success 0           Package Approved 
                                            2019-07-22 15:28:38 +0000 26081297-87c3-4cff-a307-6596ef048c5e success 0           Package Approved 
                                            2019-07-22 15:25:18 +0000 249be62d-86a4-4fd4-891b-390018a5d720 success 0           Package Approved 
                                            2019-07-22 15:20:05 +0000 f40f07ee-dae3-42c6-bae6-21dfde01625e success 0           Package Approved 
                                            2019-07-22 14:47:11 +0000 5a04db3e-bb95-4303-9188-1507cca74b16 success 0           Package Approved 
                                            2019-07-22 14:40:32 +0000 8d7c4098-790d-4a1d-8488-30ed18f36603 success 0           Package Approved 
                                            2019-07-22 14:36:01 +0000 9a427f38-4421-4b2f-8033-9e62281b760b success 0           Package Approved 
                                            2019-07-22 13:57:23 +0000 7e2986b0-18a6-4797-93a1-bebd0ad62086 success 0           Package Approved 
                                            
                                            
                                • Re: xcrun stapler staple error
                                  eskimo Apple Staff Apple Staff (12,425 points)

                                  I worked this issue with maju via other channels, and we eventually figured out what’s going wrong:

                                  1. stapler is able to download the correct ticket.

                                  2. Before stapling the ticket, it attempts to validate it.

                                  3. This involves two steps:

                                    • Checking the tickets digital signature

                                    • Performing trust evaluation on the certificate chain in the ticket

                                    It’s this second step that fails.

                                  4. Trust evaluation fails because the ticket validation code is particularly paranoid, and thus calls SecTrustEvaluate and verifies that the result is .unspecified.  However, on the specific machine causing maju problems, the result is .proceed.

                                    Note The difference between .unspecified and .proceed is a subtle one.  The former means that trust evaluation worked without any special affordances.  The latter means that trust evaluation worked because the user overrode some trust settings.

                                  5. The reason for that is that someone has customised trust settings on the root certificate that anchors this chain of trust (in this case “Apple Root CA - G3”).  You can see these trust setting overrides by opening the certificate in Keychain Access, disclosing the Trust section, and looking at the various popups.  The first popup should be set to “Use System Defaults” and all the other popups set to “no value specified”.  If they’re not, someone has customised the certificate’s trust settings.

                                  Once maju removed these trust settings customisations, stapler worked as expected.

                                  Share and Enjoy

                                  Quinn “The Eskimo!”
                                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                                  let myEmail = "eskimo" + "1" + "@apple.com"