General: Forums topic: Code Signing Forums subtopic: Code Signing > Notarization Forums tag: Notarization WWDC 2018 Session 702 Your Apps and the Future of macOS Security WWDC 2019 Session 703 All About Notarization WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps WWDC 2022 Session 10109 What’s new in notarization for Mac apps — Amongst other things, this introduced the Notary REST API Notarizing macOS Software Before Distribution documentation Customizing the Notarization Workflow documentation Resolving Common Notarization Issues documentation Notary REST API documentation TN3147 Migrating to the latest notarization tool technote Fetching the Notary Log forums post Q&A with the Mac notary service team Developer > News post Apple notary service update Developer > News post Notarisation and the macOS 10.9 SDK forums post Testing a Notarised Product forums post Notarisation Fundamentals forums post The Pros and Cons of Stapling forums post Resolving Error 65 When Stapling forums post Many notarisation issues are actually code signing or trusted execution issue. For more on those topics, see Code Signing Resources and Trusted Execution Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I've tried to notarize my app recently and got the error:{ "logFormatVersion": 1, "jobId": "...", "status": "Rejected", "statusSummary": "Team is not yet configured for notarization", "statusCode": 7000, "archiveFilename": "myapp.dmg", "uploadDate": "2019-06-20T06:24:53Z", "sha256": "...", "ticketContents": null, "issues": null }I've never heard about "team configuration for notarization" previously. What are the steps to resolve that issue?Thanks in advance.

The notary service requires that all Mach-O images be linked against the macOS 10.9 SDK or later. This isn’t an arbitrary limitation. The hardened runtime, another notarisation requirement, relies on code signing features that were introduced along with macOS 10.9 and it uses the SDK version to check for their presence. Specifically, it checks the SDK version using the sdk field in the LC_BUILD_VERSION Mach-O load command (or the older LC_VERSION_MIN_MACOSX command). There are three common symptoms of this problem: When notarising your product, the notary service rejects a Mach-O image with the error The binary uses an SDK older than the 10.9 SDK. When loading a dynamic library, the system fails with the error mapped file has no cdhash, completely unsigned?. When displaying the code signature of a library, codesign prints this warning: % codesign -d vvv /path/to/your.dylib … Library validation warning=OS X SDK version before 10.9 does not support Library Validation … If you see any of these errors, read on… The best way to avoid this problem is to rebuild your code with modern tools. However, in some cases that’s not possible. Imagine if your app relies on the closed source libDodo.dylib library. That library’s vendor went out of business 10 years ago, and so the library hasn’t been updated since then. Indeed, the library was linked against the macOS 10.6 SDK. What can you do? The first thing to do is come up with a medium-term plan for breaking your dependency on libDodo.dylib. Relying on an unmaintained library is not something that’s sustainable in the long term. The history of the Mac is one of architecture transitions — 68K to PowerPC to Intel, 32- to 64-bit, and so on — and this unmaintained library will make it much harder to deal with the next transition. IMPORTANT I wrote the above prior to the announcement of the latest Apple architecture transition, Apple silicon. When you update your product to a universal binary, you might as well fix this problem on the Intel side as well. Do not delay that any further: While Apple silicon Macs are currently able to run Intel code using Rosetta 2, that’s not something you want to rely on in the long term. Heed this advice from About the Rosetta Translation Environment: Rosetta is meant to ease the transition to Apple silicon, giving you time to create a universal binary for your app. It is not a substitute for creating a native version of your app. But what about the short term? Historically I wasn’t able to offer any help on that front, but this has changed recently. Xcode 11 ships with a command-line tool, vtool, that can change the LC_BUILD_VERSION and LC_VERSION_MIN_MACOSX commands in a Mach-O. You can use this to change the sdk field of these commands, and thus make your Mach-O image ‘compatible’ with notarisation and the hardened runtime. Before doing this, consider these caveats: Any given Mach-O image has only a limited amount of space for load commands. When you use vtool to set or modify the SDK version, the Mach-O could run out of load command space. The tool will fail cleanly in this case but, if it that happens, this technique simply won’t work. Changing a Mach-O image’s load commands will break the seal on its code signature. If the image is signed, remove the signature before doing that. To do this run codesign with the --remove-signature argument. You must then re-sign the library as part of your normal development and distribution process. Remember that a Mach-O image might contain multiple architectures. All of the tools discussed here have an option to work with a specific architecture (usually -arch or --architecture). Keep in mind, however, that macOS 10.7 and later do not run on 32-bit Macs, so if your deployment target is 10.7 or later then it’s safe to drop any 32-bit code. If you’re dealing with a Mach-O image that includes 32-bit Intel code, or indeed PowerPC code, make your life simpler by removing it from the image. Use lipo for this; see its man page for details. It’s possible that changing a Mach-O image’s SDK version could break something. Indeed, many system components use the main executable’s SDK version as part of their backwards compatibility story. If you change a main executable’s SDK version, you might run into hard-to-debug compatibility problems. Test such a change extensively. It’s also possible, but much less likely, that changing the SDK version of a non-main executable Mach-O image might break something. Again, this is something you should test extensively. This list of caveats should make it clear that this is a technique of last resort. I strongly recommend that you build your code with modern tools, and work with your vendors to ensure that they do the same. Only use this technique as part of a short-term compatibility measure while you implement a proper solution in the medium term. For more details on vtool, read its man page. Also familiarise yourself with otool, and specifically the -l option which dumps a Mach-O image’s load commands. Read its man page for details. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Revision history: 2025-04-03 — Added a discussion of common symptoms. Made other minor editorial changes. 2022-05-09 — Updated with a note about Apple silicon. 2020-09-11 — First posted.

I have a misterous problem with checking DMG notarization. It fails: bash-3.2$ spctl -a -t open --context context:primary-signature -v MyApp.dmg MyApp: rejected source=no usable signature However this DMG installs fine on Big Sur 11.2.2, macOS allows to run this app, and checking of notarization for installed app was passed: bash-3.2$ spctl -a -v '/Applications/MyApp.app' /Applications/MyApp.app: accepted source=Notarized Developer ID I checked other downloaded apps (Intel or Universal). Some DMG files pass DMG notarization (for example, Audacity), and some fails (PerfectTablePlan). Why? For my app (Universal) I use the following code to codesign and notarize: codesign --timestamp --options runtime --force --deep -s "Developer ID Application: MYCOMPANY" "My.app" // Creating DMG with EULA license xcrun altool --notarize-app --primary-bundle-id MyApp -u "my@email.com" -p "abc123" --file MyApp.dmg xcrun stapler staple MyApp.dmg

I started a notarization run a few hours ago. (and used --wait) Conducting pre-submission checks for Metrix Installer.dmg and initiating connection to the Apple notary service... Submission ID received   id: dd77be4c-0cb6-4913-a846-d4025ede37fd Successfully uploaded file   id: dd77be4c-0cb6-4913-a846-d4025ede37fd   path: /Users/johnluss/Work/Metrix Installer.dmg Waiting for processing to complete. Current status: In Progress................................................................................................................................. I finally ctrl-c out of it (PAGES of ....) and tried getting the log Submission log is not yet available or submissionId does not exist   id: dd77be4c-0cb6-4913-a846-d4025ede37fd The Apple System Status page shows all servers up and running. Any suggestions on what might be going wrong?

Notarization step fails: New AppID and password created: xcrun notarytool submit “.dmg” --apple-id “” --team-id “” --password “” --verbose --wait Error: HTTP status code: 401. Your Apple ID has been locked. Visit iForgot to reset your account (https://iforgot.apple.com), then generate a new app-specific password. Ensure that all authentication arguments are correct. I have reset app password many times, not result. Codesigning completes normally: Mac OS 11.5.2 Xcode 13.2.1

Hello, For my macOS app, on Xcode version 15.4 (15F31d) on macOS 14.5 (23F79) I follow Organizer > Distribute App > Direct Distribution, and I get a Notary Error "The operation couldn't be completed. (SotoS3.S3ErrorType.multipart error 1.)" It's been happening since 3 days. In the IDEDistribution.verbose.log file I see: https://gist.github.com/atacan/5dec7a5e26dde0ec06a5bc4eb3607461

Hello! I've been facing an issue with notarizing a macOS app with an Enterprise API Key. Due to some misunderstanding setting up the project some years ago, the notarization step was using a developer's accounts API Key. I am looking to fix it to have everything centralized in the Enterprise account we work with, but I get "Debug [JWT] Generating new JWT for key ID" with the new key. This is using the xcrun notarytool directly to get more input. Using Fastlane it fails as: Error polling for notarization info: [11:29:25]: unexpected token at '' The project is deployed via MDM, so we need it to prevent the security warning. I used this documentation to create the key: https://developer.apple.com/documentation/enterpriseprogramapi/creating-api-keys-for-enterprise-program-api I have tried a Developer and an Admin access key, and the Account Holder has also created an Admin key but the errors keep the same. I just updated my Fastlane script to use the new key with the updated values. The old developer account key still works. I am not sure if I am missing any steps in the documentation or if this is not achievable. Important to add that all the profiles and certificates were already set up properly in the Enterprise account, the only error was using an App Store Connect Key instead of an Enterprise Key. Thanks in advance for the help.

Hello, I've developed an application using Electron with JAVACRIPT. I have managed to deploy to both Windows and the web but having trouble deploying the application to my Mac users. It's my first time deploying an application for Mac but feel like I'm stuck at the last hurdle and out of ideas so I'm reaching out for help. My application is successfully signing but during the build and when my Notarize.js is running it seems to get stuck indefinitely. I can check and see the status of the Notarize attempts but they seem to be stuck "In Progress". Here are the logs. Successfully received submission history. history -------------------------------------------------- createdDate: 2025-01-06T00:59:45.245Z id: 1dc39b5f-fdca-4bf2-a6f6-fa793de2786e name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-04T08:01:36.168Z id: c575b015-edd6-4e09-8da5-7ae09f4f67db name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-03T08:30:31.528Z id: 570ae540-8cce-4418-ab09-7f6be33dc245 name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-03T07:57:56.701Z id: 42748de8-026a-4663-9fd2-88c7608588d3 name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-03T06:30:19.569Z id: 5140caa0-df14-491a-b148-82015f9856da name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-03T05:56:28.916Z id: 535c6be1-4999-4b3e-9766-42512a8deb67 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-03T02:51:04.893Z id: ead2268c-62b2-4b4b-8850-c1cdb5313d6a name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-03T01:50:51.954Z id: d0c44281-a788-4704-a057-4620d284516d name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-03T00:48:54.445Z id: 3d13727c-06a3-49d7-902b-4001522107c3 name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-02T13:35:26.715Z id: 1823a550-a9ff-467a-8a60-dd3e42305258 name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-02T13:23:41.894Z id: cbc341a2-9a51-43d6-83ae-713443c84fec name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T12:21:44.561Z id: 1af34419-655f-49b8-bea0-05b4232c46a7 name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-02T11:34:03.732Z id: 8c4ab3b5-2ea9-4220-9667-94011bcf76fb name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T11:19:16.052Z id: 093dfb8a-9058-417d-acd3-8ea5d0bb654a name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T11:13:14.676Z id: 556b7c1c-d114-4717-b0f7-4f1614ada845 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T10:52:36.834Z id: ce3d3c8a-d218-4978-8757-2ca9d12aad76 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T09:27:13.535Z id: b65ec764-baab-444d-809b-e4242d70548b name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T09:27:01.176Z id: be228acc-e6a2-48f2-937b-5b2962275052 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T09:19:19.182Z id: d99fc10b-c424-4d0c-a2aa-37a9e9165d91 name: Popcorn-1.0.0.dmg status: In Progress -------------------------------------------------- createdDate: 2025-01-02T08:55:43.064Z id: 2e7f8df7-9c0b-4dd0-8df7-8f3428c0bfa0 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T08:19:48.676Z id: 678355da-e413-4b1a-92a8-776a6ff6a055 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T07:58:48.278Z id: 8591f8d7-1d57-4e80-af90-d77190160a20 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T07:54:41.193Z id: f029dfeb-3f14-4f65-83e2-d9356ef6ac00 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T07:27:50.613Z id: 574f2563-d533-4885-947a-2f57170196af name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T07:09:54.203Z id: 589f7f3a-d231-4911-8ad6-9d2c15a61ac0 name: popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T05:39:02.574Z id: 9edd43de-6d14-4743-87fc-ab570bee7399 name: Popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T04:36:12.342Z id: ba02116d-1aad-4521-8667-ad086b14c1cb name: Popcorn.zip status: In Progress -------------------------------------------------- createdDate: 2025-01-02T03:22:49.185Z id: b8585c81-b7f5-4c35-9bd6-62157c6ce4bc name: Popcorn.zip status: In Progress

Notarization has been stuck for hours in "Current Status: In Progress...." Should I keep on waiting or restart the process. If I need to restart the process, how should I go about and do that?

I have created a Mac Catalyst version of the same app, and it was transferred from an old account to a new one. However, the Mac Catalyst build has been stuck in progress for several days when attempting to notarize it. After many days, I got the rejection with the following error: Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions. I have already tried to create a new developer ID certificate, but it still has the same issue. On the other hand, the iOS app is working fine and has been published in the App Store. Could you please assist us in resolving this issue as quickly as possible? Your prompt help would be greatly appreciated.

A few hours ago, it took 3 minutes to get the notarization phase of our build done... now I've got one that's been running for 25 minutes and hasn't finished yet. The last time this happened, the waits got up to multiple hours, and the status page didn't get updated.

Hi everyone, Native Instruments is encountering a critical issue with the notarization process. The xcrun notary submit command appears to be stuck and is not completing, preventing us from notarizing our apps. Specifically, the command hangs indefinitely. This issue started today. We've already tried the following troubleshooting steps: Cancelling and re-running the command Checking my internet connection Checking the Apple System Status page Cleaning the build folder using a different machine This is a major blocker for our company, as it's preventing from from us from testing and releasing some of our products. It seems to be a similar issue as reported in https://developer.apple.com/forums/thread/772542?page=2. Has anyone else experienced xcrun notary submit getting stuck like this? Any insights or suggestions would be greatly appreciated. I'm particularly interested in knowing if there are any known issues with the notarization service currently. Details about my setup: Xcode Version: 16.1 macOS Version: 14.7.1 App Type: macOS app Thanks in advance for your help!

I have an app that only crashes once it's been notarised. I read a few posts that essentially said before trying to identify issues by reviewing the crash report I should ensure signing and notarisation has happened correctly. I've worked through the document "Resolving common notarization issues" spctl -vvv --assess --type exec: gives no errors and correctly returns my developer id. codesign -dvv: returns a timestamp My app uses a hardened runtime. My app shows up in Xcode as a macOS Archive (e.g not a Generic Xcode Archive) Here is the crash report. Translated Report (Full Report Below) Process: Scene Finder [44479] Path: /Users/USER/Downloads/Scene Finder.app/Contents/MacOS/Scene Finder Identifier: Version: 0.9 (20250206.1) Code Type: ARM-64 (Native) Parent Process: launchd [1] User ID: 501 Date/Time: 2025-02-11 13:09:03.7786 +1000 OS Version: macOS 15.3 (24D60) Report Version: 12 Anonymous UUID: EE8B1269-0A8A-3AB6-516B-C752E8A18B5A Sleep/Wake UUID: 436CD7CF-7B13-4A9C-9425-7EF94CC007A9 Time Awake Since Boot: 98000 seconds Time Since Wake: 9524 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: Namespace SIGNAL, Code 6 Abort trap: 6 Terminating Process: Scene Finder [44479]

I had submitted my app for notarization and it shows the below error - "status": "Rejected", "statusSummary": "Team is not yet configured for notarization. Please contact Developer Programs Support at developer.apple.com under the topic Development and Technical / Other Development or Technical Questions.", "statusCode": 7000, I have raised a ticket in the support but no reply yet. Kindly help ASAP

Hello, I am trying without luck to create a .dmg or .pkg for my electron app that can be opened by any user on a mac. Every time I fail. All is happening by the same pattern. Here is the last try with creating a .pkg instead of .dmg. The app is built and it is signed correctly (I suppose) codesign --verify --verbose=1 dist/mac-universal/VIVIDTIME.app dist/mac-universal/VIVIDTIME.app: valid on disk dist/mac-universal/VIVIDTIME.app: satisfies its Designated Requirement I created a .pkg pkgbuild --root "dist/mac-universal/VIVIDTIME.app" \ --install-location "/Applications/VIVIDTIME.app" \ --identifier "app.vividtime.mac" \ --version "1.1.0" \ --sign "Developer ID Installer: Pavel Bochkov-Rastopchin (2QKDCTR5Y3)" \ dist/VIVIDTIME.pkg pkgbuild: Inferring bundle components from contents of dist/mac-universal/VIVIDTIME.app pkgbuild: Adding component at Contents/Frameworks/Mantle.framework pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper.app pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (GPU).app pkgbuild: Adding component at Contents/Frameworks/Electron Framework.framework pkgbuild: Adding component at Contents/Frameworks/Squirrel.framework pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (Renderer).app pkgbuild: Adding component at Contents/Frameworks/VIVIDTIME Helper (Plugin).app pkgbuild: Adding component at Contents/Frameworks/ReactiveObjC.framework pkgbuild: Using timestamp authority for signature pkgbuild: Signing package with identity "Developer ID Installer: Pavel Bochkov-Rastopchin (2QKDCTR5Y3)" from keychain /Users/innrvoice/Library/Keychains/login.keychain-db pkgbuild: Adding certificate "Developer ID Certification Authority" pkgbuild: Adding certificate "Apple Root CA" pkgbuild: Wrote package to dist/VIVIDTIME.pkg

I'm about at my wit's end trying to figure out why I can sign and notarize code, but am unable to staple the notarization, no matter what I do. I've reinstalled Xcode, reinstalled certificates, and tried about every suggestion that I can find, but still no luck. 2023 M3 MacBook Pro, OS X 15.3.1, Xcode 16.2. I have created a very basic Xcode app to test this with. I am building the project: codegen generate && xcodebuild -project SimpleNotarizationTest.xcodeproj -scheme SimpleNotarizationTest -configuration Release clean build (see attached file for build log) build-log.txt The signature and entitlements verify: codesign -d --entitlements :- ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app Output: Executable=/Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjr xun/Build/Products/Release/SimpleNotarizationTest.app/Contents/MacOS/SimpleNotarizationTest warning: Specifying ':' in the path is deprecated and will not work in a future release <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple .com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.app-sandbox</key><true/><k ey>com.apple.security.files.user-selected.read-only</key><true/></dict></plist> I created a zip file: ditto -c -k --keepParent ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app SimpleNotarizationTest.zip I submitted the app for notarization and it was approved: xcrun notarytool submit SimpleNotarizationTest.zip --apple-id "$APPLE_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait Output: Conducting pre-submission checks for SimpleNotarizationTest.zip and initiating connection to the Apple notary service... Submission ID received id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 Upload progress: 100.00% (23.6 KB of 23.6 KB) Successfully uploaded file id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 path: /Users/minter/tmp/simple-app-stapling/SimpleNotarizationTest.zip Waiting for processing to complete. Current status: Accepted......... Processing complete id: d2c0d6b0-cd55-4fa6-b958-09767d562a33 status: Accepted I attempt to staple the app: xcrun stapler staple -v ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app And it fails. See verbose stapling log. verbose-stapling-log.txt The top line is that it finds and downloads the ticket, but can't/won't staple. Downloaded ticket has been stored at file:///var/folders/dd/cgm9_v3n399_zqqsphgzs5jh0000gn/T/1b7cb7d8-9a9e-462c-831b-09de1b896d9e.ticket. Could not validate ticket for /Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjrxun/Build/Products/Release/SimpleNotarizationTest.app The staple and validate action failed! Error 65. Wade-Minter~/tmp/simple-app-stapling(:|✔) % From my debugging, I can say: The code signature appears valid and includes a secure timestamp from Feb 23, 2025 The app is properly signed with Developer ID Application The notarization ticket is being successfully retrieved from Apple's servers (as shown in the verbose output) The ticket is being downloaded to a temporary location, but the stapler is failing to validate it with error 65 The app bundle structure appears complete with all required components The CDHash matches between the code signature and the notarization ticket: 604544b32d7074dd77e2e6f2070f6e2d41f6368d If I run: spctl -a -vv ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotarizationTest.app The output is: Wade-Minter~/tmp/simple-app-stapling(:|✔) % spctl -a -vv ~/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-*/Build/Products/Release/SimpleNotaspctlionTest.app /Users/minter/Library/Developer/Xcode/DerivedData/SimpleNotarizationTest-ecqihdiubptfnldimmjgnqpjrxun/Build/Products/Release/SimpleNotarizationTest.app: rejected source=Unnotarized Developer ID origin=Developer ID Application: Fourth Line LLC (6U2KJ5KDT4) To summarize: The app is being recognized as "Unnotarized Developer ID" despite successful notarization The stapler is able to retrieve the ticket but fails during validation The error code 65 consistently appears during stapling attempts All code signing and bundle integrity checks pass The notarization ticket is being successfully downloaded but not successfully attached Any insight will be appreciated, since I've exhausted every option that I can find.

Hi guys, I got an error about mac notarization result return 132. here is the stack trace on the logs: 2025-02-25 02:53:55,503 ERROR [org.ecl.cbi.ws.mac.not.xcr.not.NotarytoolNotarizer] (macos-notarization-service-pool-thread-13) Error while parsing the output after the upload of '/tmp/macos-notarization-service/pending-files/myapplication.dmg' to the Apple notarization service: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file. at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204) at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:326) at java.xml/javax.xml.parsers.SAXParser.parse(SAXParser.java:197) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.PListDict.fromXML(PListDict.java:134) at org.eclipse.cbi.ws.macos.notarization.xcrun.notarytool.NotarytoolNotarizer.analyzeSubmissionResult(NotarytoolNotarizer.java:39) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.NotarizationTool.upload(NotarizationTool.java:50) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.lambda$uploadFailsafe$3(Notarizer.java:65) at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) at net.jodah.failsafe.Execution.executeSync(Execution.java:128) at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) at net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.uploadFailsafe(Notarizer.java:65) at org.eclipse.cbi.ws.macos.notarization.NotarizationService.lambda$notarize$0(NotarizationService.java:192) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) Do you know why? If you have any thread or documents telling about the details of return values of the command: 'xcrun notarytool submit'

Hi, I had an issue when I notarized myapplication.dmg with Process 'xcrun notarytool submit' exited with value '132'. Do you know how to solve it? Do you have any explanation about the response value when we execute 'xcrun notarytool submit'? Thank you very much! 2025-02-25 09:36:18,182 ERROR [org.ecl.cbi.ws.mac.not.xcr.not.NotarytoolNotarizer] (macos-notarization-service-pool-thread-14) Error while parsing the output after the upload of '/tmp/macos-notarization-service/pending-files/myapplication.dmg' to the Apple notarization service: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file. at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204) at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:1013) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605) at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889) at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825) at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141) at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637) at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:326) at java.xml/javax.xml.parsers.SAXParser.parse(SAXParser.java:197) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.PListDict.fromXML(PListDict.java:134) at org.eclipse.cbi.ws.macos.notarization.xcrun.notarytool.NotarytoolNotarizer.analyzeSubmissionResult(NotarytoolNotarizer.java:39) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.NotarizationTool.upload(NotarizationTool.java:50) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.lambda$uploadFailsafe$3(Notarizer.java:65) at net.jodah.failsafe.Functions.lambda$get$0(Functions.java:48) at net.jodah.failsafe.RetryPolicyExecutor.lambda$supply$0(RetryPolicyExecutor.java:66) at net.jodah.failsafe.Execution.executeSync(Execution.java:128) at net.jodah.failsafe.FailsafeExecutor.call(FailsafeExecutor.java:379) at net.jodah.failsafe.FailsafeExecutor.get(FailsafeExecutor.java:68) at org.eclipse.cbi.ws.macos.notarization.xcrun.common.Notarizer.uploadFailsafe(Notarizer.java:65) at org.eclipse.cbi.ws.macos.notarization.NotarizationService.lambda$notarize$0(NotarizationService.java:192) at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840)

Hey everyone, I’m wondering if anyone has run into any issues with this. Before I uploaded, I guess maybe 20 assets of 1080 x 720, my notarization was taking around 2-3 minutes almost instant. Now I’m looking at 30 minutes. I have no idea when the notarization is going to end. I’m wondering if asset size has any impact on notarization speed, and if so, is this going to be a one-time thing or is this going to happen with all my following builds? Let me know if anyone has run into anything similar or if the notarization service is just down right now. ⁠