How Notarize my .PKG After signing it : No suitable application records were found

Code Signing Notarization
Medialog33 OP
Created Jun ’21
Replies 10
Boosts 0
Views 2.4k
Participants 2

Hello,

I have signed my .pkg but now I want to notarize my installer package.

I execute this command :

xcrun altool --validate-app -f ****.pkg -t osx -u *****@****.fr -p password

where password is an application password generate with appleid.apple.com.

But I Have this response after having execute this command :

`altool[18824:6583386] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called

altool[18824:6583381] *** Error: Unable to validate archive 'JFSE.pkg': (

    "Error Domain=ITunesConnectionOperationErrorDomain Code=1190 "No suitable application records were found. Verify your bundle identifier 'SurgicaTools' is correct and that you are signed into Xcode with an Apple ID that has access to the app in App Store Connect." UserInfo={NSLocalizedRecoverySuggestion=No suitable application records were found. Verify your bundle identifier 'SurgicaTools' is correct and that you are signed into Xcode with an Apple ID that has access to the app in App Store Connect., NSLocalizedDescription=No suitable application records were found. Verify your bundle identifier 'SurgicaTools' is correct and that you are signed into Xcode with an Apple ID that has access to the app in App Store Connect., NSLocalizedFailureReason=iTunes Store operation failed.}"

)`

I have test this command :

xcrun altool --notarize-app --username "****@****.fr" --password "****-***-***-**" --file "JFSE.pkg"

But she doesn't worked withs response : altool: unrecognized option `--notarize-app'

Can I have help ?

Replies  10
Boosts  0
Views  2.4k
Participants  2
DTS Engineer OP
Apple
Jun ’21

You are ‘holding this wrong’ )-:

The --validate-app command is only appropriate for Mac App Store apps. You can’t use it for Developer ID products.

To notarise your product, use the --notarize-app command. See Customizing the Notarization Workflow for the details.

Oh, and there’s no way to validate a product prior to notarisation; you’ll just have to notarise it and then check for problems.

unrecognized option ‘--notarize-app’

Well, that’s weird. Do this:

% xcrun -f altool
/Applications/Xcode.app/Contents/Developer/usr/bin/altool

and then find that copy of Xcode in the Finder and do a File > Get Info. What version do you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Medialog33 OP
Jun ’21

Yes I download a new version of Xcode and it's work --Notarize-app but..

My Last question is : Where do you have the --primary-bundle-id ?

0
Medialog33 OP
Jun ’21

I have found how having a primary bundle id but now when I Execute this command I Have this problem :

          Date: 2021-06-14 08:52:55 +0000

          Hash: ************

    LogFileURL: ********

   RequestUUID: **********

        Status: invalid

   Status Code: 2

Status Message: Package Invalid

And in Logfilurl, I have this error message : "début du répertoire central introuvable ;\n fichier zip corrompu.\n (veuillez vérifier que vous avez transféré ou créé le zip dans le\n mode BINARY approprié et que vous avez correctement compilé UnZip)\n'","

start of central directory not found; \ n corrupted zip file. \ n (please check that you created or created the zip in the correct \ n BINARY mode and compiled UnZip correctly) \ n '",

0
DTS Engineer OP
Apple
Jun ’21

Yes I download a new version of Xcode and it's work

Cool!

Where do you have the --primary-bundle-id?

Three things:

  • All code that you sign must have a code signing identifier. Normally this tracks the code’s bundle ID but, for non-bundled code, you have to synthesise that. For more on this, see Signing a Mac Product For Distribution (search for signing non-bundled code).

  • For --primary-bundle-id, you should supply the bundle ID (or code siging identifier if it’s not bundled) of the most important component within the product you’re notarising.

  • However, this doesn’t actually matter! The notary service doesn’t put any constraints on the --primary-bundle-id value you use; it’s more like a comment to help you keep track of your various notarisation requests. So you could supply com.example.waffle-varnish for everything and things will work just fine.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Medialog33 OP
Jun ’21

I have found how having a primary bundle id but now when I Execute this command I Have this problem :

     Date: 2021-06-14 08:52:55 +0000      Hash: ************   LogFileURL: ********   RequestUUID: **********     Status: invalid   Status Code: 2 Status Message: Package Invalid

And in Logfilurl, I have this error message :

  • début du répertoire central introuvable ;\n fichier zip corrompu.\n (veuillez vérifier que vous avez transféré ou créé le zip dans le\n mode BINARY approprié et que vous avez correctement compilé UnZip)\n'","

  • start of central directory not found; \ n corrupted zip file. \ n (please check that you created or created the zip in the correct \ n BINARY mode and compiled UnZip correctly) \ n '",

0
DTS Engineer OP
Apple
Jun ’21

It sounds like the notary service doesn’t like one of your zip archives. The error entry in the JSON should include a path. What does that point to?

ps You can use code style (surround inline text in backticks) or a code block (surround a multiline block of text in triple backticks) to make it easier for folks to read your post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Medialog33 OP
Jun ’21

Yes that's, In Log the path point a .app but how I can fixe this problem ?

0
DTS Engineer OP
Apple
Jun ’21

In log the path point a .app

Hmmm. In your first post you said you were trying to validate an installer package (.pkg). Now that you’ve switch to the notary service, are you still trying to submit an installer package? Or have you switched to a zip archive?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Medialog33 OP
Jun ’21

To be clearer, in the next, that's the logurl :

  "logFormatVersion": 1,
  "jobId": "*********",
  "statut": "Invalide",
  "statusSummary": "L'archive contient des erreurs de validation critiques",
  "statusCode": 4000,
  "archiveFilename": "JFSE_signed.pkg",
  "date de téléchargement": "2021-06-16T08:06:21Z",
  "sha256": "*********",
  "ticketContents": null,
  "questions": [
    {
      "gravité": "avertissement",
      "code": nul,
      "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/Java/clm-aat-client.jar/models/accuseDepot.odt" ,
      "message": "b'warning [/tmp/tmpkqfjw8es/clm-aat-client.jar.unpacked_00/models/accuseDepot.odt] : 7691 octets supplémentaires au début ou dans le fichier zip\\n (en essayant de traiter quand même)\\ nerror [/tmp/tmpkqfjw8es/clm-aat-client.jar.unpacked_00/models/accuseDepot.odt] : début du répertoire central introuvable ;\\n fichier zip corrompu.\\n (veuillez vérifier que vous avez transféré ou créé le zip dans le\\n mode BINARY approprié et que vous avez correctement compilé UnZip)\\n'",
      "docUrl": null,
      "architecture": null
    },
    {
      "gravité": "erreur",
      "code": nul,
      "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/MacOS/JavaAppLauncher",
      "message": "La signature du binaire est invalide.",
      "docUrl": null,
      "architecture": "i386"
    },
    {
      "gravité": "erreur",
      "code": nul,
      "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/MacOS/JavaAppLauncher",
      "message": "La signature du binaire est invalide.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "gravité": "erreur",
      "code": nul,
      "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/PlugIns/jdk-11.0.2.jdk/Contents/MacOS/libjli. dylib",
      "message": "La signature du binaire est invalide.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "gravité": "erreur",
      "code": nul,
      "path": "JFSE_signed.pkg/JFSE.pkg Contents/Scripts/UserInputQuery.app/Contents/MacOS/SurgicaTools",
      "message": "L'exécutable n'a pas le runtime renforcé activé.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}

Like you can see, in my .pkg, there are 2 .app who makes problem. So, How I can fix this ?

0
DTS Engineer OP
Apple
Jun ’21

So you have an installer package with zip archives within the package? That’s weird. Why do you do that? Do you actually want the zip archives to end up on the user system as zip archives? Or do you unpack them during the installation process?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
How Notarize my .PKG After signing it : No suitable application records were found
First post date Last post date
 
 
Q