B4J Question Notarize in MacSigner 1.02

yo3ggx

Active Member
Licensed User
Longtime User
Hello.

All steps ok, until Notarize.
I get the submission confirmation:
B4X:
Uploading package to Apple server. This step can take several minutes...
Conducting pre-submission checks for janet.zip and initiating connection to the Apple notary service...
Submission ID received
  id: d3d64dfb-8500-4d21-b454-fcd75052ecbc
Successfully uploaded file
  id: d3d64dfb-8500-4d21-b454-fcd75052ecbc
  path: /Users/toma/janet/package/janet.zip
But no mail received even after a few hours, so I Click on Request info after entering the request ID.

I get the following answer:
B4X:
Successfully received submission info
  createdDate: 2023-08-12T14:51:12.140Z
  id: d3d64dfb-8500-4d21-b454-fcd75052ecbc
  name: janet.zip
  status: Invalid

Of course, Staple does not work either, with the following error.
B4X:
Successfully received submission info
  createdDate: 2023-08-12T14:51:12.140Z
  id: d3d64dfb-8500-4d21-b454-fcd75052ecbc
  name: janet.zip
  status: Invalid

With the previous MacSigner version (used a few months ago) everything worked as expected.

As explained here:
https://developer.apple.com/forums/thread/713345
I checked the log with notarytool.

B4X:
xcrun notarytool log --apple-id [email protected] --password aort-fxjw-ewlc-awuu --team-id W5KECJU98V  d3d64dfb-8500-4d21-b454-fcd75052ecbc

{
  "logFormatVersion": 1,
  "jobId": "d3d64dfb-8500-4d21-b454-fcd75052ecbc",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "janet.zip",
  "uploadDate": "2023-08-12T14:51:21.861Z",
  "sha256": "2951c440a575d5671b89827374438a7310bc32b4d50567d9e8f4892317ed82bb",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/jrunscript",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/jrunscript",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/jrunscript",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/java",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/java",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/java",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/keytool",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/keytool",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/keytool",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/lib/jspawnhelper",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/lib/jspawnhelper",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/lib/jspawnhelper",
      "message": "The executable does not have the hardened runtime enabled.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724",
      "architecture": "x86_64"
    }
  ]
}


Any hint about what I'm doing wrong?
Package was created successfully (and functional), including signing (no errors).

Thank you.
 
Last edited:

yo3ggx

Active Member
Licensed User
Longtime User
I'm using Xcode 14.3.1 on a MacMini M2 with macOS Ventura 13.5.
I'm notarizing an x86-64 version of the app.
 
Upvote 0

yo3ggx

Active Member
Licensed User
Longtime User
As stated in my previous message I've tested an application without native libraries, but when you package the app with MacSigner on an M2 Mac, you can use x86-64 or arm64 version of java/javafx. Tested with the standard x86-64 version, as explained in your MacSigner thread.
 
Upvote 0

yo3ggx

Active Member
Licensed User
Longtime User
If I check with codesign tool, looks ok.

B4X:
codesign -dvv ./package/janet.app
Executable=/Users/toma/janet/package/janet.app/Contents/MacOS/janet
Identifier=ro.yo3ggx.janet
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1627 flags=0x10000(runtime) hashes=40+7 location=embedded
Signature size=8980
Authority=Developer ID Application: Dan Ovidiu Toma (W5AVCXxxxx)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Aug 12, 2023 at 5:30:00 PM
Info.plist entries=16
TeamIdentifier=W5AVCXxxxx
Runtime Version=11.1.0
Sealed Resources version=2 rules=13 files=155
Internal requirements count=1 size=176
 
Upvote 0

yo3ggx

Active Member
Licensed User
Longtime User
Thank you, but I would like to find the root cause, as it seems I'm the only one affected.
I'm not in a hurry to publish the new release. I will try to sign and notarize the app from the console.

I wonder why I get the messages:
"The signature does not include a secure timestamp."
According to this page:
https://developer.apple.com/documen.../resolving_common_notarization_issues#3087721

In this case, be sure to add a secure timestamp by adding the timestamp option to your OTHER_CODE_SIGN_FLAGS build setting, or by using the option directly with the codesign utility if you sign manually, as described in the previous section.

Generating a secure timestamp requires internet access. macOS accepts only one secure timestamp server, namely timestamp.apple.com, which uses the follow address ranges:
17.32.213.0/24
17.179.249.0/24
17.157.80.0/24

but checking with codesign -dvv ./package/janet.app I do not get any error.

Please check the other errors from the log send previously.

"The binary is not signed.", "path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/jrunscript"
"The signature does not include a secure timestamp.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/jrunscript",
"The executable does not have the hardened runtime enabled.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/jrunscript",
"The binary is not signed.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/java",
"The signature does not include a secure timestamp.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/java",
"The executable does not have the hardened runtime enabled.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/java",
"The binary is not signed.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/keytool",
"The signature does not include a secure timestamp.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/keytool",
"The executable does not have the hardened runtime enabled.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/bin/keytool",
"The binary is not signed.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/lib/jspawnhelper",
"The signature does not include a secure timestamp.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/lib/jspawnhelper",
"The executable does not have the hardened runtime enabled.","path": "janet.zip/janet.app/Contents/runtime/Contents/Home/lib/jspawnhelper",

It looks like code signing in MacSigner 1.02 does not work as expected (for me) for files not related to my app.
 
Upvote 0

yo3ggx

Active Member
Licensed User
Longtime User
Hello Erel. Please provide a link to the old version (based on altool). I have the source code, but after compilation does not work on my Mac.
Thank you.
 
Upvote 0

yo3ggx

Active Member
Licensed User
Longtime User
As I don't have the source code from MacSigner 1.01, I used 0.95.
I successfully notarize the app using that version.
No errors, so I suspect v1.02 (with notarytool) does not work on M1/M2 Macs.

Some links that may help others more experienced than me and with the same issue.
https://stackoverflow.com/questions/75614448/macos-codesignature-invalid-after-adding-entitlements
https://stackoverflow.com/questions/75107171/issues-with-codesigning-and-notarization-for-mac-m1

Hope the issue with MacSigner 1.02 will be solved until the deadline of Nov 1, 2023.
 
Upvote 0
Top