Notarization Failure with altool

Hello,

We notarize our application package installer with the altool like this:


xcrun altool --notarize-app -f "Our Installer.pkg" --primary-bundle-id com.finaldraft.ourinstaller --username "***@finaldraft.com" --password "yyyy"


Where *** and yyy is a valid developer account and yyy is the correct password.


The call to altool returns immediately with this error:


*** Error: Unable to notarize app.N2020-03-26 16:10:26.157 altool[5727:93332]

*** Error: code -22016 (Unable to validate your application. We are unable to create an authentication session.)


This failure started around March 13 2020 and and has been continuing until today.

We have been notarizing like this for months without problems.

I've verified that archives in Xcode notarize, but since we distribute a .pkg, we need to use the altool instead of Xcode archives.

Has anyone else seen this?


Thanks in advance!

Up vote post of sbrost Down vote post of sbrost
2.7k views
Posted by
sbrost
Reply
Add a Comment

Replies

I just updated to Catalina and I'm trying to get our build process to include notarization. So this isn't something that was working for me in the past and now suddenly failed. However, I finally realized that I was using the wrong email address in the call to altool. We had initially tried to setup a "team" developer account that used an email alias for several folks on the team. Ultimately, it wound up being a pain so we just used my lead's email, and generated an app-specific password from that account. Unfortunately, in my build script, I still had the old team email as the username. Once I changed it, it worked fine. I'm not sure why yours would work and then suddenly break, but just double-check that you're still entering the same email that was used to generate the app-specific password I guess?


For me it's:


xcrun altool \
  --notarize-app \
  --primary-bundle-id "my.awesome.app" \
  --username "my-account-who-created@app-specific-password.com" \
  --password "@keychain:my-notary-pw-item-name" \
  --file "my-awesome-file.zip"


Posted by
disco-stu
Up vote reply of disco-stu Down vote reply of disco-stu
Add a Comment