source=Unnotarized Developer ID

Mojave had no problems, but Catalina had problems.


1. security find-identity -v

1) C17046BFE80EE89BD1ED8C074...... "Apple Development: *** (2CK2N3894J)"

2) 3F2E4DE8448436C12D2180B0A...... "Developer ID Application: *** (3M7CA656X6)"

3) 6ADDD8EA0A311D666D9D78D3...... "Developer ID Installer:*** (3M7CA656X6)"

4) F829BE1DDB0C9907FCFBB41C...... "Apple Development: *** (M4A523532B)"



2. productsign --sign "Developer ID Installer: *** (3M7CA656X6)" ./aaa.pkg ./sign/aaa.pkg


3. pkgutil --check-signature ./aaa.pkg

Status: signed by a developer certificate issued by Apple for distribution

Certificate Chain:

1. Developer ID Installer: *** (3M7CA656X6)

SHA256 Fingerprint:

2A 6D 1F 76 4D 9F 08 DD 55 69 0A E0 AB.....

B7 D3 57 B2 DB 92 B7 8F 8B A3

------------------------------------------------------------------------

2. Developer ID Certification Authority

SHA256 Fingerprint:

7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D .....

F2 9C 88 CF B0 B1 BA 63 58 7F

------------------------------------------------------------------------

3. Apple Root CA

SHA256 Fingerprint:

B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 ......

68 C5 BE 91 B5 A1 10 01 F0 24



4. spctl -a -vvv -t install "./aaa.pkg"

./***.pkg: rejected

source=Unnotarized Developer ID

origin=Developer ID Installer: *** (3M7CA656X6)


5. xcrun altool --notarize-app -t osx -f ./aaa.pkg --primary-bundle-id com.aaa.*** -u "ID" -p "PW" --output-format xml


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>notarization-upload</key>

<dict>

<key>RequestUUID</key>

<string>e08537cf-edb6-4126-b3d8-7c9.....</string>

</dict>

<key>os-version</key>

<string>10.15.3</string>

<key>success-message</key>

<string>No errors uploading './***.pkg'.</string>

<key>tool-path</key>

<string>/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework</string>

<key>tool-version</key>

<string>4.00.1181</string>

</dict>



6. spctl -a -vvv -t install "./aaa.pkg"

./***.pkg: rejected

source=Unnotarized Developer ID

origin=Developer ID Installer:*** (3M7CA656X6)






Why does "source=Unnotarized Developer ID" occur?

Accepted Reply

Did the notarisation complete successfully? What does --notarization-info show? It should print a LogFileURL property that you can download to learn more about how your notarisation proceeded.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

Didn't you write the signed output to "./sign/aaa.pkg"? But then you are doing everything else with the unsigned, or maybe development signed, version?

Moved to the sign folder between step 2 and step 3.


In step 3, we confirmed that aaa.pkg was signed.


[ Developer ID Installer: *** (3M7CA656X6)

SHA256 Fingerprint:

2A 6D 1F 76 4D 9F 08 DD 55 69 0A E0 AB.....

B7 D3 57 B2 DB 92 B7 8F 8B A3 ]

Have you confirmed that the package can be stapled, which confirms the notarization ticket was generated properly?

xcrun stapler staple <path-to-package>
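
Added example, not part of the original thread: a small release gate that reads the two outputs shown in the question. It pulls the RequestUUID out of the step 5 upload response (the value to pass to --notarization-info) and passes only when spctl reports the package as accepted and notarized. All sample inputs are constructed with placeholder values, and the function names are hypothetical.

```python
import plistlib

# Constructed sample in the shape of the step 5 upload response (placeholder UUID).
UPLOAD_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>notarization-upload</key>
  <dict><key>RequestUUID</key><string>00000000-0000-0000-0000-000000000000</string></dict>
  <key>success-message</key><string>No errors uploading './aaa.pkg'.</string>
</dict></plist>"""

# Constructed samples in the shape of the spctl output from steps 4 and 6.
SPCTL_UNNOTARIZED = """./aaa.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: EXAMPLE (TEAMID0000)
"""
SPCTL_NOTARIZED = """./aaa.pkg: accepted
source=Notarized Developer ID
origin=Developer ID Installer: EXAMPLE (TEAMID0000)
"""


def upload_request_uuid(response: bytes) -> str:
    """Return the RequestUUID; its presence means 'uploaded', not 'notarized'."""
    doc = plistlib.loads(response)
    return doc["notarization-upload"]["RequestUUID"]


def parse_spctl(output: str) -> dict:
    """Split `spctl -a -vvv -t install` output into verdict and key=value fields."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    if not lines or ": " not in lines[0]:
        raise ValueError("no '<path>: <verdict>' line in spctl output")
    path, verdict = lines[0].rsplit(": ", 1)
    fields = dict(ln.split("=", 1) for ln in lines[1:] if "=" in ln)
    return {"path": path, "verdict": verdict, **fields}


def release_gate(output: str) -> tuple:
    """Pass only when Gatekeeper accepts the package as notarized."""
    result = parse_spctl(output)
    if result["verdict"] != "accepted":
        return False, f"{result['path']}: {result['verdict']} ({result.get('source', 'no source')})"
    if result.get("source") != "Notarized Developer ID":
        return False, f"accepted but source is {result.get('source')!r}"
    return True, "notarized"


if __name__ == "__main__":
    print(upload_request_uuid(UPLOAD_RESPONSE))
    print(release_gate(SPCTL_UNNOTARIZED))
    print(release_gate(SPCTL_NOTARIZED))
```

When feeding real spctl output into the gate, capture both stdout and stderr so the verdict line is not lost.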