Notarization process that worked LAST week - fails THIS week! (SOLVED sort of)
-
- KVRian
- Topic Starter
- 626 posts since 30 Aug, 2012
The step-by-step notarization process that I used to successfully notarize a dozen plugins a week ago all of a sudden is NOT working today. I have been using the method posted on page 1 of this thread viewtopic.php?f=33&t=531663. I have VST, AU, AAX versions of my plugins signed (and verified) with my Apple Developer ID Application cert zipped into one top-level zip file which I then submit for notarization.
This process worked perfectly until today. The package uploads to Apple with no errors and returns a UUID. However when I check that UUID some time later Apple reports the notarization failed with "error code 2, Package Invalid".
I've tried the process from scratch a couple of more times with same result. I've checked the UUIDs for all the other packages I released using the exact same process and they all report VALID, error code 0.
What is even more baffling is when opened and tested on Catalina (on a separate HD volume) - everything in the package works - no security issues!
What could be wrong here? Any suggestions appreciated!
This process worked perfectly until today. The package uploads to Apple with no errors and returns a UUID. However when I check that UUID some time later Apple reports the notarization failed with "error code 2, Package Invalid".
I've tried the process from scratch a couple of more times with same result. I've checked the UUIDs for all the other packages I released using the exact same process and they all report VALID, error code 0.
What is even more baffling is when opened and tested on Catalina (on a separate HD volume) - everything in the package works - no security issues!
What could be wrong here? Any suggestions appreciated!
Last edited by Fender19 on Sun Feb 16, 2020 8:36 pm, edited 2 times in total.
-
- KVRian
- Topic Starter
- 626 posts since 30 Aug, 2012
This test fails:
spctl --assess --verbose (filename)
rejected
source=Unnotarized Developer ID
This test, however, shows GOOD:
codesign --verify --deep --strict --verbose=2 (filename)
valid on disk
satisfies its Designated Requirement
spctl --assess --verbose (filename)
rejected
source=Unnotarized Developer ID
This test, however, shows GOOD:
codesign --verify --deep --strict --verbose=2 (filename)
valid on disk
satisfies its Designated Requirement
Last edited by Fender19 on Sun Feb 16, 2020 8:51 am, edited 1 time in total.
-
- KVRist
- 210 posts since 11 Feb, 2006
I had this happen recently using Whitebox Packages, with it importing my siging cert. Once I removed the cert from Packages and signed the .pkg separately it was fine.
-
- KVRian
- Topic Starter
- 626 posts since 30 Aug, 2012
I found the problem: "The signature does not include a secure timestamp." is reported for all of my plugin builds within the zip package.
I added "--timestamp" to Other Code Signing Flags in the Xcode 10.3 build settings and now it works. Package notarized VALID.
Now, I went back and checked my other plugin build settings and they did NOT have this flag set - but yet they notarized successfully! Why? Did Apple change this recently? This is madness!!!
I added "--timestamp" to Other Code Signing Flags in the Xcode 10.3 build settings and now it works. Package notarized VALID.
Now, I went back and checked my other plugin build settings and they did NOT have this flag set - but yet they notarized successfully! Why? Did Apple change this recently? This is madness!!!
-
- KVRian
- Topic Starter
- 626 posts since 30 Aug, 2012
Turns out this only solved the problem for VST, VST3 and AU builds - AAX notarizes successfully but still fails sptcl and is rejected on Catalina.Fender19 wrote: ↑Sun Feb 16, 2020 5:19 pm I found the problem: "The signature does not include a secure timestamp." is reported for all of my plugin builds within the zip package.
I added "--timestamp" to Other Code Signing Flags in the Xcode 10.3 build settings and now it works. Package notarized VALID.