Reply to Moving signing to a new machine
Yup, and I immediately found a problem with our build system. It didn't save the notarization log. Had to fix that. So, I fixed it and ran again.

The log contained 3 errors, all for the same file:

    "path": "Metrix Installer.dmg/Metrix-Installer.app/Contents/MacOS/Installer",
    "message": "The binary is not signed with a valid Developer ID certificate.",
    "message": "The signature does not include a secure timestamp.",
    "message": "The executable requests the com.apple.security.get-task-allow entitlement.",

The interesting thing is that the same set of files will work if run on the old Mac VM - using the same Apple Dev account. We built the Installer app last year (using a different Apple Dev account), and have just been re-using it since. The stuff that changes is what the app installs.

I started up Xcode to see if I could just recompile the Installer app - but now, with the most current Xcode, there are various errors with text controls (size mostly) and some permissions settings, and it won't build until those issues are fixed. (At least, running a build does not result in an "Installer.app" like it used to.) While I have been able to fix some minor issues with the code in the past (mostly changing some strings), I've been unable to find solutions to the current compile issues. When I search for the various error messages I find solutions from 2 years ago that use settings that don't exist.

Yes, I'm annoyed, tired, and grumpy right now, and definitely NOT an Apple Developer with experience using Xcode. Gonna have to see if we have somebody on staff that knows how to deal with this mess.
Apr ’23
Reply to codesign wants to access key "access" in your bunch of keys
Now I'm hitting this while trying to set up a new Mac. (I remember hitting this on the old one - but don't have the faintest idea how I fixed it back then.) Some different quirks on the new Mac though - due to corporate security changes. The user logged in and running the build is NOT an administrator. So we get prompted multiple times to enter an Administrator id/pw (which we do have). There is no "Always Allow" button. How do I fix it in this case?
Apr ’23
Reply to Moving signing to a new machine
Note that I HAVE made progress. I figured out that I had to set up (again) a new stored credential for the notary tool. I was able to do that, and now I get further. Notarization is attempted, takes a while, and then fails.

    Current status: Invalid........................Processing complete
      id: 0e4af460-82b1-468e-9396-f711485e0a11
      status: Invalid

Not an especially helpful message.
Apr ’23
Reply to Moving signing to a new machine
The problem with that is that we don't use Xcode for development. We are a Java application, and only use a few of the Xcode tools to sign the app. I still have no idea what I did in the past to get the key into my keychain. The ONLY thing we use the Mac for is to assemble our app, sign it, and assemble an installer and notarize that. Note that I am just one of several developers working under a team Apple dev account.

Note that I tried to use "Keychain Access" to export the relevant private key (which shows the related certificate under it). While the export seemed to work, importing it on the new Mac doesn't seem to have added anything to the keychain. I had to enter an admin password 3 times, and the p12 password - and then absolutely nothing changed.
Apr ’23
Reply to df command missing
Customer finally got back to me. He did the "whereis df", and it gave back the same results as mentioned above. Our app still can't run it though. This is sounding like a permissions issue at this point. "Full Disk Access" isn't needed on any other Mac we've ever run on, so I have trouble believing that is the issue.
Topic: App & System Services SubTopic: Core OS Tags:
Jan ’23
Reply to df command missing
Note that I just tested with my Mac OS 12 box. Our app is not listed in the "Full Disk Access" list, but still can use the "df" command. Anyone have any ideas on what security settings might make it impossible to use the "df" command? (Or why it may not have been installed on the Mac?)
Topic: App & System Services SubTopic: Core OS Tags:
Dec ’22
Reply to df command missing
Our app logs when its attempt to use it fails with:

    java.io.IOException: Cannot run program "df": error=2, No such file or directory

When the user tried running "df" in the Terminal, he got the command not found error. After using brew to install it, he was able to run "df -i -n" and it worked. Our app STILL reports the same No such file or directory error. The biggest issue is that this works on hundreds of Mac OS computers. It's only on this one customer's systems that it fails.

"Full Disk Access" - don't know, didn't even know that setting existed. We'll have to contact the customer again to check on that.
Topic: App & System Services SubTopic: Core OS Tags:
Dec ’22
Reply to Notarization taking hours??
My initial experiment indicates that if I use "zip -ry something.app" to create a zip of the app, then use "unzip something.app.zip" to restore it - that results in the Notarization of the DMG hanging and causing the above error. Previously, I had tried using just "zip -r something.app". When I unzipped that I'd always get a prompt asking to overwrite some file, which probably meant a link wasn't being handled correctly. Being unable to transfer the app via .zip is going to be a PITA.
Topic: Code Signing SubTopic: Notarization Tags:
Sep ’22
Reply to Notarization taking hours??
Well, after quite a few hours (not sure how many, but > 4) it came back with this:

    Error: internalError(statusCode: Optional(500), strData: nil, jsonData: Optional(["statusCode": 500, "errors": <__NSSingleObjectArrayI 0x600000db82b0>(
    {
        code = "UNEXPECTED_ERROR";
        detail = "<null>";
        id = G5FW7NFIIPPCZWYPDTUGODP7EQ;
        links = "<null>";
        status = 500;
        title = "Uncaught server exception";
    }
    )
    ]))
    Please try again at a later time.

I'll do some experiments to see if I can narrow down what part of my DMG is breaking the server.
Topic: Code Signing SubTopic: Notarization Tags:
Sep ’22
Reply to Notarization failing, not signed with Developer ID Cert
Thanks for the info, but let me clear up a couple items. Vagueness on tools was in relation to this: "For more details on how to work with installer packages, see the man pages for productbuild, productsign, pkgbuild, and pkgutil." As the man pages don't do a good job of telling me when/why I need to use which one of those.

Also note that codesign did NOT fail with an error saying the string was ambiguous. Both codesign and productsign ran without error. If the error you mentioned HAD been reported, it would have definitely helped me figure out what the problem was.

I do have Notarization succeeding now.
Topic: Code Signing SubTopic: Notarization Tags:
Sep ’22
Reply to Notarization failing, not signed with Developer ID Cert
Well, the referenced instructions are a bit vague as to exactly which tool I should use when. The particular item in the DMG that the error is about is the actual Application that will be installed, not the installer application. The error just mentions a "Developer ID" certificate - which doesn't narrow down which particular version of certificate is needed.

Note that we used to use:

    productsign --timestamp --sign $SIGNID "$PACKAGE_DEST/Install/MetrixApplication.pkg" "$PACKAGE_DEST/Install/MetrixApplication-signed.pkg"

and that worked - before we had to switch to a whole new Apple developer account and certificates. It gets the exact same error as my attempt to use codesign.

I think that I am using a Developer ID Installer code signing identity.

    H2WGX2D1Q6NW:BuildInstaller johnluss$ security find-identity -v
      1) 3D7E5672AF0B37ABB6B3963FE0798A6E937FB44D "3rd Party Mac Developer Installer: Eps Us, LLC (F3YTHMJYQ9)"
      2) A4BD899689B2C6ABB973D04B3D3519FC2859AAA2 "Developer ID Application: Eps Us, LLC (F3YTHMJYQ9)"
      3) 4B963D271E6BA871BFCA42C21ACD6A5A6E812A09 "Developer ID Installer: Eps Us, LLC (F3YTHMJYQ9)"
      4) 7FAFF5716D350A39D28FA64049A7E30A4FF929A4 "Apple Development: John Lussmyer (9W4G27WAV9)"
         4 valid identities found

The SIGNID I pass is F3YTHMJYQ9
Topic: Code Signing SubTopic: Notarization Tags:
Sep ’22
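Added example, not part of the original post: the SIGNID in the post above is a bare team ID, and that string appears in three of the four identity names listed. This sketch picks exactly one identity by its full type prefix from `security find-identity -v` output and refuses to continue when zero or several match; the sample listing, names, team ID and both function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `security find-identity -v` output; the names, team ID
# and hashes are made up for this example.
SAMPLE_IDENTITIES='  1) 1111111111111111111111111111111111111111 "3rd Party Mac Developer Installer: Example Corp (TEAMID1234)"
  2) 2222222222222222222222222222222222222222 "Developer ID Application: Example Corp (TEAMID1234)"
  3) 3333333333333333333333333333333333333333 "Developer ID Installer: Example Corp (TEAMID1234)"
  4) 4444444444444444444444444444444444444444 "Apple Development: Jane Doe (PERSON5678)"
     4 valid identities found'

# count_matches LISTING TEXT (hypothetical helper)
# Count identity lines containing TEXT, e.g. a bare team ID.
count_matches() {
    printf '%s\n' "$1" | grep -E '^ *[0-9]+\) [0-9A-F]+ "' | grep -cF -- "$2" || true
}

# pick_identity LISTING KIND TEAM_ID (hypothetical helper)
# Print the full name of the one identity named "KIND: <anything> (TEAM_ID)".
# Returns 1 with a message on stderr when zero or several identities match.
pick_identity() {
    matches=$(printf '%s\n' "$1" |
        sed -n -E "s/^ *[0-9]+\) [0-9A-F]+ \"($2: .*\($3\))\"\$/\1/p")
    count=$(printf '%s' "$matches" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one \"$2\" identity for $3, found $count" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# On a Mac the listing would come from: listing=$(security find-identity -v)
# and the result would be passed to `codesign --sign` (Application identity)
# or `productsign --sign` (Installer identity).
TEAM=TEAMID1234
echo "identities containing $TEAM: $(count_matches "$SAMPLE_IDENTITIES" "$TEAM")"
echo "for codesign:    $(pick_identity "$SAMPLE_IDENTITIES" 'Developer ID Application' "$TEAM")"
echo "for productsign: $(pick_identity "$SAMPLE_IDENTITIES" 'Developer ID Installer' "$TEAM")"
```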
Reply to productsign can't find identity
FB11342355 ("Create New Certificate" page does not show the "Developer ID Installer" choice)

Now that I have the correct certs, I have gotten through the first level of getting our new Apple ID to work. Next comes the headache of having to build a whole new script for doing the Notarization step for our DMG. (That was handled by another group, and we don't have the scripts they used.)
Aug ’22
Reply to productsign can't find identity
Ok, now I'm confused. Reading "Creating Distribution-Signed Code for Mac" mentioned in your earlier reply, I found "If you’re distributing a product independently, use a Developer ID Application code signing identity. This is named Developer ID Application: TTT, where TTT identifies your team.". So, we created a "Developer ID Application" cert. Now you are saying we need a "Developer ID Installer" cert. The only problem with that, is the web page to create certs doesn't HAVE a way to create one of that type. So, how do we create one?
Aug ’22