These are the commands I'm running. This used to work for me every time but now it's failing.
codesign -s "Developer ID Application: <YOUR NAME>" --timestamp --options runtime -f --entitlements entitlements.plist --deep <APP NAME>.app
/usr/bin/ditto -c -k --keepParent <APP NAME>.app <APPNAME>.zip
xcrun altool --notarize-app --primary-bundle-id "<BUNDLE ID>" -u "<YOUR EMAIL>" -p "<APP SPECIFIC PASSWORD>" --file <YOURAPP>.zip
I get an email with "your app has failed notarization" or whatnot.
These are the errors I'm getting.
{
  "logFormatVersion": 1,
  "jobId": "69910cca-87c0-44f6-a8ec-a0c8a6a7b614",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "MegaHasan.zip",
  "uploadDate": "2020-02-05T19:07:48Z",
  "sha256": "b6b7c75a0e50a9ec9f238360c674f9345ef6a97d27a21a69e793b7938927eb42",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/plugin_bit.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/plugin_bit.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/plugin_bit.dylib",
      "message": "The binary uses an SDK older than the 10.9 SDK.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/libsteam_api.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/libsteam_api.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/plugin_steamworks.dylib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/plugin_steamworks.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Frameworks/CoronaCards.framework/Versions/A/Frameworks/gameNetwork.dylib",
      "message": "The binary uses an SDK older than the 10.9 SDK.",
      "docUrl": null,
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "MegaHasan.zip/Mega Hasan.app/Contents/Frameworks/CoronaCards.framework/Versions/A/Frameworks/licensing.dylib",
      "message": "The binary uses an SDK older than the 10.9 SDK.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}
Look for the line beginning "codedirectory" and ensure that one of the flags listed is "runtime".
If the message says "does not have the hardened runtime enabled.", then it is so.
Notarization only works for binaries linked against macOS 10.9 or later. You must relink the offending library against SDK 10.9 or later and resubmit the application.
You must install an Xcode macOS SDK at least as modern as 10.9 and use it as your sysroot when you compile and link the libraries which are not up to date. Then recompile and link your app against the new libs. It is usually a good idea to compile all dylibs and the main executable binary with the same toolchain. For notarization, any pre-10.9 SDK-linked binary is going to be a no-go, unfortunately.
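As an added example (not part of any answer above), this Python script sorts the issues in a notarization log like the one in the question into the two fixes the answers describe: re-signing and relinking against a newer SDK. The function names and action labels are made up for this example, and the sample log is a trimmed copy of the one in the question.

```python
import json
from collections import defaultdict

# Message fragments from the log and answers above, mapped to the fix each
# one calls for. The action labels are assumptions made for this example.
RULES = [
    ("not signed with a valid Developer ID", "re-sign"),
    ("does not include a secure timestamp", "re-sign"),
    ("hardened runtime", "re-sign"),
    ("SDK older than", "relink"),
]

def classify(message):
    for fragment, action in RULES:
        if fragment in message:
            return action
    return "review"  # unrecognised message: read it by hand

def triage(log):
    """Map each failing path inside the bundle to its actions, deepest paths first."""
    prefix = (log.get("archiveFilename") or "") + "/"
    actions = defaultdict(set)
    for issue in log.get("issues") or []:  # "issues" may be null
        if issue.get("severity") != "error":
            continue
        path = issue.get("path") or ""
        if path.startswith(prefix):
            path = path[len(prefix):]  # drop the zip name, keep the bundle path
        actions[path].add(classify(issue.get("message") or ""))
    # Deepest first, so nested code is handled before the code that contains it.
    ordered = sorted(actions, key=lambda p: (-p.count("/"), p))
    return {p: sorted(actions[p]) for p in ordered}

# Constructed sample: a trimmed copy of the log posted in the question.
PLUGINS = "MegaHasan.zip/Mega Hasan.app/Contents/Plugins/"
FRAMEWORKS = ("MegaHasan.zip/Mega Hasan.app/Contents/Frameworks/"
              "CoronaCards.framework/Versions/A/Frameworks/")
SAMPLE_LOG = {"status": "Invalid", "archiveFilename": "MegaHasan.zip", "issues": [
    {"severity": "error", "path": PLUGINS + "plugin_bit.dylib",
     "message": "The binary is not signed with a valid Developer ID certificate."},
    {"severity": "error", "path": PLUGINS + "plugin_bit.dylib",
     "message": "The binary uses an SDK older than the 10.9 SDK."},
    {"severity": "error", "path": PLUGINS + "libsteam_api.dylib",
     "message": "The signature does not include a secure timestamp."},
    {"severity": "error", "path": FRAMEWORKS + "gameNetwork.dylib",
     "message": "The binary uses an SDK older than the 10.9 SDK."},
]}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```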
I'm running into similar issues with a notarization process for Electron that used to work and now doesn't. I found that somehow some of my certificates had been revoked. They didn't show that way in the Apple Developer site, but when I went into Xcode: Preferences: Accounts and clicked on the Manage Certificates button.
Creating new certificates did get me to the point where I made it through notarization but now get signing errors when I upload with Application Loader, so I may have done something else wrong making the new certificates and regenerating my provisioning profiles, but hopefully this helps you out.