4 Replies
      Latest reply on Nov 8, 2019 12:55 AM by eskimo
      adriangm20 Level 1 Level 1 (0 points)

        Hi,

         

        Notarization of .pkg files has stopped working for me. Basically, the .pkg file is notarized but the contents are not. The notarization log shows the following response:

         

        {
          "logFormatVersion": 1,
          "jobId": "[jobId-edited]",
          "status": "Accepted",
          "statusSummary": "Ready for distribution",
          "statusCode": 0,
          "archiveFilename": "WiFiExplorerPro_2.3.pkg",
          "uploadDate": "2019-10-25T22:34:38Z",
          "sha256": "[sha256-edited]",
          "ticketContents": [
          {
          "path": "WiFiExplorerPro_2.3.pkg",
          "digestAlgorithm": "SHA-1",
          "cdhash": "[cdhash-edited]"
          }
          ],
          "issues": [
          {
          "severity": "warning",
          "code": null,
          "path": "WiFiExplorerPro_2.3.pkg",
          "message": "This archive is corrupt, and cannot be unpacked for analysis.",
          "docUrl": null,
          "architecture": null
          }
          ]
        }
        

         

        The same packaging/notarization workflow was working for me two weeks ago but now it ends up with this error. Well, a warning, but the error comes later when trying to staple the .app inside the .pkg, since it wasn't notarized. As far as I know, nothing changed on my side, as I said, it's the same process to generate the .pkg and notarize it.

         

        By the way, the .app can be notarized by itself, separately, so it's not an error when notarizing the .app. The .pkg file works fine, it can be launched, and passes all checks with regards to codesigning and notarization. Howerver, notarization is saying the archive is corrupt.

         

        Are there any other log files produced by the notarization process that I can review?

        Any hints on what could be wrong here?

         

        Thanks,

        Adrian

        • Re: Notarization has stopped working for .pkg files
          adriangm20 Level 1 Level 1 (0 points)

          Just to add to the post, I tried notarizing again a .pkg installer that I had already notarized successfully a few weeks ago and I got the same problem, so unless I'm missing something obvious here, there was a change in Apple's side that is now causing this problem.

           

          In the meantime, I'm going to try to notarize the app first, then package it, and then notarize the .pkg file.

          • Re: Notarization has stopped working for .pkg files
            eskimo Apple Staff Apple Staff (12,325 points)

            I’m not sure what’s going on in your specific situation but I tried notarising a package today and it worked as expected.  Here’s what I did:

            1. I created a dummy app from the macOS > App template.

            2. I enabled the hardened runtime (I always forget that!).

            3. I built an archive using Build > Archive.

            4. In Xcode’s Organizer, I exported that as a Developer ID app.

            5. I wrapped it in a package:

              $ cat requirements.plist 
              <?xml version="1.0" encoding="UTF-8"?>
              <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
              <plist version="1.0">
              <dict>
                  <key>home</key>
                  <true/>
              </dict>
              </plist>
              $ productbuild --product requirements.plist --sign "Developer ID Installer" --component Test125071.app /Applications Test125071.pkg

              .

            6. I submitted it for notarisation.

              $ xcrun altool --notarize-app …credentials… --primary-bundle-id com.example.apple-samplecode.Test125071
              No errors uploading 'Test125071.pkg'.
              RequestUUID = 31552887-857a-400e-a32f-3dea770e18af

              .

            7. After a while the request was approved:

              $ notarization-info 31552887-857a-400e-a32f-3dea770e18af
              No errors getting notarization info.
              
              
                    Date: 2019-10-31 09:45:26 +0000
                    Hash: d643a8f12dea19b4ce0ba5f289758bc7d258d1bcc8d3fb39f598e97b29cac174
              LogFileURL: … elided …
                RequestUUID: 31552887-857a-400e-a32f-3dea770e18af         Status: success   Status Code: 0 Status Message: Package Approved

              .

            I’m not sure why things are failing for you.  My recommendation is that you run through the steps above.  If that works, you know that the problem is related to your specific package and you can look at how its constructed.  If it fails, it’s likely that there’s something about your environment that’s triggering the issue.

            ps Here’s the log file URL that was elided above (DevForums got really grumpy when I included it in a code block).

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"

              • Re: Notarization has stopped working for .pkg files
                adriangm20 Level 1 Level 1 (0 points)

                Thank you!

                 

                I tried your steps and notarization worked as expected. I then went and tried the same steps but instead of packaging the test app, I packaged my app. It also worked. So, something about the way I'm building the package must be the reason for this to fail.

                 

                I was using PackageMaker (yes, I know) but when I started encountering this issue, I switched to Packages (a 3rd party app) for building the package (which I understand uses productbuild). The .pkg I'm creating is pretty much standard, except that it includes a couple of post-install scripts. I wonder if that's what's causing the problem. I'll have to play around with productbuild and see if I can find what exactly is making notarization report the package is corrupt. Or maybe if I use productbuild to construct the package the problem will go away.

                 

                Adrian

                  • Re: Notarization has stopped working for .pkg files
                    eskimo Apple Staff Apple Staff (12,325 points)

                    I’m glad to hear you’re making progress.  Please do let us know how things pan out.  Whatever this problem turns out to be, I’m sure you won’t be the only person to have hit it.

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"