Code Signing "Invalid", No Reason Given

Question

Created 14h

Replies 1

Boosts 0

Participants 2

Hello,

At work, we want to release a new version of our cross-platform desktop application this week. Unfortunately, I've had issues getting the dmg signed by the Apple notary service, which will delay the release until it's successful. However, I remade and successfully signed the previously released version (also dmg) with the same credentials, so I know it's not a problem with the file format or my account.

I have tried the following to no avail:

Lots of Googling
Running xcrun notarytool submit with the -v option (verbose) to see more error messages
Going to the URL given (appstoreconnect.apple.com/notary/v2/submissions/{submission_id}) and examining the file it downloaded (not much info, let alone helpful info)
Contacting Apple developer support over the phone (they couldn't help with this particular issue, since it's "code-level support")

The only big change we made this time was switching to Maven for our build tool and dependency management (we previously used Ant with manual dependency management).

Does anyone here have any insight? Is there a list of known issues or dependencies that will cause a submission to be invalidated? Or, even better, any way to see why the submission is invalid?

Thanks.

Boost

Answer 1

DTS Engineer OP

Apple

45m

I've had issues getting the dmg signed by the Apple notary service

That text suggests that you’ve misunderstood how notary works. The notary service doesn’t sign your product. Rather, you present it with a distribution-ready product, one that’s already signed, and the notary service checks it and, if all is well, issues a signed ticket. See Notarisation Fundamentals for more about how this process works.

As to why the notary service is refusing to notarise your product, it’s hard to say without more info. It sounds like you were able to submit the product and get a response, but the status is Invalid, indicating a problem with your submission. In that case the next step is to look at the notary log. What does it say?

See Fetching the Notary Log for info on how to get the log.

The only big change we made this time was switching to Maven

Ah, Java.

Notarising Java code can be tricky because it doesn’t follow the rules is Placing content in a bundle. Which isn’t to say that this task is impossible, just that it’s not a huge surprise you’re hitting this after switching from one Java build system to another.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0