electron / notarize Goto Github PK

View Code? Open in Web Editor NEW

89.0 5.0 20.0 268 KB

Notarize your macOS Electron Apps

License: MIT License

TypeScript 99.72% JavaScript 0.28%

notarize's Introduction

Electron Notarize

Notarize your Electron apps seamlessly for macOS

Installation

# npm
npm install @electron/notarize --save-dev

# yarn
yarn add @electron/notarize --dev

What is app "notarization"?

From Apple's docs in XCode:

A notarized app is a macOS app that was uploaded to Apple for processing before it was distributed. When you export a notarized app from Xcode, it code signs the app with a Developer ID certificate and staples a ticket from Apple to the app. The ticket confirms that you previously uploaded the app to Apple.

On macOS 10.14 and later, the user can launch notarized apps when Gatekeeper is enabled. When the user first launches a notarized app, Gatekeeper looks for the app’s ticket online. If the user is offline, Gatekeeper looks for the ticket that was stapled to the app.

Apple has made this a hard requirement as of 10.15 (Catalina).

Prerequisites

For notarization, you need the following things:

Xcode 10 or later installed on your Mac.
An Apple Developer account.
An app-specific password for your ADC account’s Apple ID.
Your app may need to be signed with hardened-runtime, including the following entitlement:
1. com.apple.security.cs.allow-jit

If you are using Electron 11 or below, you must add the com.apple.security.cs.allow-unsigned-executable-memory entitlement too. When using version 12+, this entitlement should not be applied as it increases your app's attack surface.

API

Method: `notarize(opts): Promise<void>`

options Object
- tool String - The notarization tool to use, default is notarytool. Can be legacy or notarytool. notarytool is substantially (10x) faster and legacy is deprecated and will stop working on November 1st 2023.
- appPath String - The absolute path to your .app file
- There are different options for each tool: Notarytool
  - There are three authentication methods available: user name with password:
    - appleId String - The username of your apple developer account
    - appleIdPassword String - The app-specific password (not your Apple ID password).
    - teamId String - The team ID you want to notarize under.
  - ... or apiKey with apiIssuer:
    - appleApiKey String - Absolute path to the .p8 file containing the key. Required for JWT authentication. See Note on JWT authentication below.
    - appleApiKeyId String - App Store Connect API key ID, for example, T9GPZ92M7K. Required for JWT authentication. See Note on JWT authentication below.
    - appleApiIssuer String - Your App Store Connect API key issuer, for example, c055ca8c-e5a8-4836-b61d-aa5794eeb3f4. Required if appleApiKey is specified.
  - ... or keychain with keychainProfile:
    - keychain String - The name of the keychain or path to the keychain you stored notarization credentials in.
    - keychainProfile String - The name of the profile you provided when storing notarization credentials.
- ... or Legacy
  - appBundleId String - The app bundle identifier your Electron app is using. E.g. com.github.electron
  - ascProvider String (optional) - Your Team Short Name.
  - There are two authentication methods available: user name with password:
    - appleId String - The username of your apple developer account
    - appleIdPassword String - The app-specific password (not your Apple ID password).
  - ... or apiKey with apiIssuer:
    - appleApiKey String - Required for JWT authentication. See Note on JWT authentication below.
    - appleApiIssuer String - Issuer ID. Required if appleApiKey is specified.

Safety when using `appleIdPassword`

Never hard code your password into your packaging scripts, use an environment variable at a minimum.
It is possible to provide a keychain reference instead of your actual password (assuming that you have already logged into the Application Loader from Xcode). For example:

const password = `@keychain:"Application Loader: ${appleId}"`;

Another option is that you can add a new keychain item using either the Keychain Access app or from the command line using the security utility:

security add-generic-password -a "AC_USERNAME" -w <app_specific_password> -s "AC_PASSWORD"

where AC_USERNAME should be replaced with your Apple ID, and then in your code you can use:

const password = `@keychain:AC_PASSWORD`;

Notes on JWT authentication

You can obtain an API key from Appstore Connect. Create a key with App Manager access. Note down the Issuer ID and download the .p8 file. This file is your API key and comes with the name of AuthKey_<appleApiKeyId>.p8. This is the string you have to supply when calling notarize.

Based on the ApiKey, the legacy altool will look in the following places for that file:

./private_keys
~/private_keys
~/.private_keys
~/.appstoreconnect/private_keys

notarytool will not look for the key, and you must instead provide its path as the appleApiKey argument.

Notes on your Team Short Name

If you are a member of multiple teams or organizations, you have to tell Apple on behalf of which organization you're uploading. To find your team's short name), you can ask iTMSTransporter, which is part of the now deprecated Application Loader as well as the newer Transporter.

With Transporter installed, run:

/Applications/Transporter.app/Contents/itms/bin/iTMSTransporter -m provider -u APPLE_DEV_ACCOUNT -p APP_PASSWORD

Alternatively, with older versions of Xcode, run:

/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter -m provider -u APPLE_DEV_ACCOUNT -p APP_PASSWORD

Notes on your teamId

If you use the new Notary Tool method with appleId/appleIdPassword you will need to set the teamId option. To get this ID, go to your Apple Developer Account, then click on "Membership details", and there you will find your Team ID. This link should get you there directly: https://developer.apple.com/account#MembershipDetailsCard

Debug

debug is used to display logs and messages. You can use export DEBUG=electron-notarize* to log additional debug information from this module.

Example Usage

import { notarize } from '@electron/notarize';

async function packageTask () {
  // Package your app here, and code sign with hardened runtime
  await notarize({
    appBundleId,
    appPath,
    appleId,
    appleIdPassword,
    ascProvider, // This parameter is optional
  });
}

notarize's People

Contributors

Stargazers

Watchers

notarize's Issues

Add a license file ?

Would it be possible to include a license file ? It will help to clarify the copyright applicable to the module. (I assume the copyright will be in the MIT license file)
Thank you.

More verbose debug messages?

Hi, I'm running the build and notarization routine of a mac electron app on a Go CI and not long ago it has started failing the notarization step (it worked previously)

The only debug message I get is

Error: Failed to upload app to Apples notarization servers

2019-07-22 14:37:30.213 go-agent[23269:316324] *** Error: Unable to validate your application. The application you have selected does not exist.

    at /go-agent-01/pipelines/app/node_modules/electron-notarize/src/index.ts:76:13

At the moment I'm not sure if it's some electron-notarize problem or go-agent problem.
Maybe more verbose error messages would help here?
What do you guys think?

Notarize id returned by Apple

Hi,
when working from command line, the notarizing command (xcrun altool --notarize-app ... ) is returning an id like this:
[2020-04-09 16:42:37] [INFO ] No errors uploading 'zip-archive-name'
RequestUUID = 0808dd63-4f76-41b3-b2ba-727ee740edbc

Based on that id I can query about the notarizing status (xcrun altool --notarization-history ... | grep 'uuid'). The result contain keywords like this: "in progress", "success", "invalid" (possible some other values - but you get the idea).

So, is there any way I can get the uuid returned by the notarize process when submitting the app (zip archive) to apple website?

Thank you

Failed notorize: Unrecognized selector sent to instance

Hi,

since month i'm notorizing my app with success but since today the process fail with this error:

Do you have any idea of what wrong happening ?

Provide API key via parameter

Thanks for this package!

It would be nice if the user could provide the API key (the content of the .p8 file) as a parameter to the notarize function instead of having to store it as a file. Internally, electron-notarize could temporarily write the key to disk and remove it after completing the notarization.

@MarshallOfSound Is this something you'd be willing to consider? :)

It takes a long time?

Hey there, I'm just wondering if it is expected that notarization takes such a long time?

I have the following in by electron-builder config:

    "afterSign": "src/misc/notarize.js",
    "mac": {
      "hardenedRuntime": true,
      "gatekeeperAssess": false,
      "entitlements": "src/misc/entitlements.mac.plist",
      "entitlementsInherit": "src/misc/entitlements.mac.plist"
    },

And

//notarize.js
const { notarize } = require('electron-notarize');

exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context;  
  if (electronPlatformName !== 'darwin') {
    return;
  }

  const appName = context.packager.appInfo.productFilename;

  return await notarize({
    appBundleId: 'com.teselagen.openVectorEditor',
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env.APPLEID,
    appleIdPassword: process.env.APPLEIDPASS,
  });
};

The notarize function seems to take a really long time, like several minutes. Do you know where that delay is mostly coming from? Do I need to run it every time I make a new release?

Other than the slowness it works great!
Thanks!

The signature of the binary is invalid

The signature of the binary is invalid
I found this information in the notarization process
This file is signed by my certificate

Fails over SSH

If I try and run this over SSH it fails when calling altool with message "Error: code -1017 (Unable to upload your app for notarization. You must specify '--primary-bundle-id'.)"

The exact same app/settings etc. all works fine if called locally on the machine instead of over SSH.

Is it possible to allow an ENV variable or similar that can force a primary-bundle-id to be passed to altool call?

Add link to this repository in the npm package

Currently the package on npm doesn't have link to this repository, and some automated tools for licensing doesn't work out of the box (e.g. license-parser).

Successful notarization but app no longer launches

Hi,

I'm using electron-packager, which has integration with electron-notarize.
Currently packager still ties to 0.1.1 but I overwrite it to work with 0.2.0 (0.2.1 is not yet on npm).

Now I can successfully package my app without errors. All tools to check the notarization return success on the .app file.

However, when notarization is used, the app dies immediately with an error on code signing. Packaging without notarization results in an app file that successfully launches (on Mojave), but I'm trying to add notarization for Catalina.

Any ideas where this could come from?

Thx

Your Apple ID account is attached to other iTunes providers. You will need to specify which provider you intend to submit content to by using the -itc_provider command

Did anyone incur into the following error?

Package Summary:

1 package(s) were not uploaded because they had problems:
	/var/folders/dw/bb3vx0757nzckp2t81shwk6h0000gn/T/F1F8613D-3584-487D-BF3D-A8CB736639CF/net.company-name.tav.itmsp - Error Messages:
		Your Apple ID account is attached to other iTunes providers. You will need to specify which provider you intend to submit content to by using the -itc_provider command. Please contact us if you have questions or need help. (1627)
2019-11-13 16:26:01.610 altool[27318:239676] *** Error: Your Apple ID account is attached to other iTunes providers. You will need to specify which provider you intend to submit content to by using the -itc_provider command. Please contact us if you have questions or need help. (1627)

    at /Users/damians/Desktop/tav-client/node_modules/electron-notarize/src/index.ts:83:13
    at Generator.next (<anonymous>)
    at fulfilled (/Users/damians/Desktop/tav-client/node_modules/electron-notarize/lib/index.js:4:58)
    at processTicksAndRejections (internal/process/task_queues.js:93:5

I'm using the following script:

const fs = require('fs');
const path = require('path');
const electron_notarize = require('electron-notarize');
const { build: { appId } } = require('./package.json');

module.exports = async function (params) {
    // Only notarize the app on Mac OS only.
    if (process.platform !== 'darwin') {
        return;
    }
    console.log('afterSign hook triggered', params);

    let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
    if (!fs.existsSync(appPath)) {
        throw new Error(`Cannot find application at: ${appPath}`);
    }

    console.log(`Notarizing ${appId} found at ${appPath}`);

    try {
        await electron_notarize.notarize({
            appBundleId: appId,
            appPath: appPath,
            appleId: process.env.appleId,
            appleIdPassword: process.env.appleIdPassword,
        });
    }
    catch (error) {
        console.error(error);
    }

    console.log(`Done notarizing ${appId}`);
};

Pepper Flash plugin entitlements

Which entitlements are required for notarizing when electron app uses Pepper Flash plugin? Thanks!

troubleshooting keychain password issues

I receive errors saying item not found in keychain when the item exists and settings have been changed to allow any application to view them.

Line in question:
const password = `@keychain:"Application Loader: ${appleId}"\`;

Is there anything I need to know RE: setup for keychain other than the steps outlined in the readme? Using an env for password works fine, but would like to use keychain instead

Mac: 10.14.6
Node: 12

"CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called" at macOS 11.2.2

hi~, when I use at macOS 11.2.2, crash with log:


(node:18667) PromiseRejectionHandledWarning: Promise rejection was handled asynchronously (rejection id: 1)
  ⨯ Failed to upload app to Apple's notarization servers

2021-03-04 21:07:37.211 altool[20306:145399] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called
2021-03-04 21:07:57.890 altool[20306:145403]  Error:
[2021-03-04 21:07:45 CST] <main>  INFO: Configuring logging...
[2021-03-04 21:07:45 CST] <main>  INFO: Logging level set to eXtreme
[2021-03-04 21:07:45 CST] <main>  INFO: Transporter is searching for new software components.
[2021-03-04 21:07:45 CST] <main>  INFO: INFO: using cached repository.xml file.
[2021-03-04 21:07:45 CST] <main>  INFO: Update check complete.
[2021-03-04 21:07:47 CST] <main> DEBUG: Attempting refresh of configuration data from https://contentdelivery.itunes.apple.com/transporter/Defaults.properties
[2021-03-04 21:07:47 CST] <main> DEBUG: Configuration refresh successful.
[2021-03-04 21:07:47 CST] <main> DEBUG: Saving configuration to local path: /Users/hurry/Library/Caches/com.apple.amp.itmstransporter/Defaults.properties
[2021-03-04 21:07:48 CST] <main>  INFO: iTMSTransporter : iTunes Store Transporter [2.1.0]
[2021-03-04 21:07:48 CST] <main>  INFO: OS identifier: Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:48 CST] <main>  INFO: Memory: [JVM] 817M free, 1024M total, 2048M max [System] (Physical) 636M free, 16384M total (Swap) 0 free, 0 total
[2021-03-04 21:07:48 CST] <main>  INFO: Client: altool 4.029 (1194)
[2021-03-04 21:07:48 CST] <main>  INFO: Upload mode selected.
[2021-03-04 21:07:48 CST] <main> DBG-X: Memory: [JVM] 806M free, 1024M total, 2048M max [System] (Physical) 625M free, 16384M total (Swap) 0 free, 0 total
[2021-03-04 21:07:48 CST] <main> DBG-X: Using operation named: authenticateForTransportDiscovery
[2021-03-04 21:07:48 CST] <main> DBG-X: Apple's web service operation input parameters:
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter Application = iTMSTransporter
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter BaseVersion = 2.1.0
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter Client = altool
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter ClientVersion = 4.029 (1194)
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter OSIdentifier = Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter StatisticsClientStartDateTimeZoneISO = 2021-03-04T21:07:48+08:00
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter StatisticsPreviousCallDurationInSecs = 0.81726927
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter TransporterArguments = -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter Version = 2.1.0
[2021-03-04 21:07:48 CST] <main> DBG-X:   parameter iTMSTransporterMode = upload
[2021-03-04 21:07:48 CST] <main>  INFO: id = 20210304210748-433
[2021-03-04 21:07:48 CST] <main>  INFO: iTMSTransporter Correlation Key: cff6a7f4-a738-4196-8d2c-e61fd143e8b1-0001
[2021-03-04 21:07:49 CST] <main> DBG-X: Apple's web service operation return value:
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter EnableJWTForAllCalls = false
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter PreferredTransports = [HTTP, Signiant, Aspera, DAV]
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter TransportHosts.Signiant = [sgr601.apple.com:44001, sgr604.apple.com:44001, sgr602.apple.com:44001, sgr603.apple.com:44001]
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter SessionExpiration = 2021-03-08T13:07:51.479Z
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter TransportHosts.DAV = [itmsdav.apple.com:443]
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter TransportHosts.Aspera = [vgr503.apple.com:33001, vgr504.apple.com:33001, vgr502.apple.com:33001, vgr501.apple.com:33001]
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter ShouldUseRESTAPIs = false
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter StreamingSettings = {LogStreamingEnabled=true, MultipartUploadsEnabled=true, AssetDescriptionStreamingEnabled=false}
[2021-03-04 21:07:49 CST] <main>  INFO: Transporter's command line arguments are: -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:49 CST] <main>  INFO: Examining the package at: /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp
[2021-03-04 21:07:49 CST] <main>  INFO: Ensuring that package has well formed metadata file...
[2021-03-04 21:07:49 CST] <main> DEBUG: Getting case-sensitive metadata xml filename...
[2021-03-04 21:07:49 CST] <main>  INFO: Gathering the list of valid files from the package ...
[2021-03-04 21:07:49 CST] <main> DEBUG:   iFonts.zip will be verified by Apple's web service to determine if it is a valid file.
[2021-03-04 21:07:49 CST] <main> DEBUG:   metadata.xml will be verified by Apple's web service to determine if it is a valid file.
[2021-03-04 21:07:49 CST] <main>  INFO: Finished gathering the list of valid files from the package.
[2021-03-04 21:07:49 CST] <main> DEBUG:   Case-sensitive metadata filename is: metadata.xml
[2021-03-04 21:07:49 CST] <main>  INFO: JSON:{"msg":{"phase":"Upload","description":"Analyzing metadata","index":0},"messageType":"VerifyProgress"}
[2021-03-04 21:07:49 CST] <main>  INFO: Performing authentication of package com.izihun.client.itmsp ...
[2021-03-04 21:07:49 CST] <main> DBG-X: Memory: [JVM] 971M free, 1024M total, 2048M max [System] (Physical) 571M free, 16384M total (Swap) 0 free, 0 total
[2021-03-04 21:07:49 CST] <main>  INFO: JSON:{"msg":{"phase":"Upload","count":2,"description":"Analyzing metadata","index":1},"messageType":"VerifyProgress"}
[2021-03-04 21:07:49 CST] <main> DBG-X: Deflated 528 bytes to 416
[2021-03-04 21:07:49 CST] <main> DBG-X: Using operation named: validateMetadata
[2021-03-04 21:07:49 CST] <main> DBG-X: Apple's web service operation input parameters:
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter Application = iTMSTransporter
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter BaseVersion = 2.1.0
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter Client = altool
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter ClientVersion = 4.029 (1194)
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter Files = [iFonts.zip, metadata.xml]
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter Metadata = <?xml version="1.0" encoding="UTF-8"?>
<package version="software5.9" xmlns="http://apple.com/itunes/importer">
    <software_assets
        app_platform="osx"
        primary_bundle_identifier="com.izihun.client">
        <asset type="developer-id-package">
            <data_file>
                <file_name>iFonts.zip</file_name>
                <checksum type="md5">364c256b0986e9dc0e31f09630259c2b</checksum>
                <size>88615564</size>
            </data_file>
        </asset>
    </software_assets>
</package>

[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter MetadataChecksum = 9e297baec1929371851e1b0c913e07f5
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter MetadataCompressed = (suppressed)
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter MetadataInfo = {app_platform=osx, primary_bundle_identifier=com.izihun.client, device_id=, bundle_identifier=, packageVersion=software5.9, apple_id=, asset_types=[developer-id-package], bundle_version=, bundle_short_version_string=}
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter OSIdentifier = Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter PackageName = com.izihun.client.itmsp
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter PackageSize = 88616092
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter StatisticsClientStartDateTimeZoneISO = 2021-03-04T21:07:49+08:00
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter TransporterArguments = -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter Version = 2.1.0
[2021-03-04 21:07:49 CST] <main> DBG-X:   parameter iTMSTransporterMode = upload
[2021-03-04 21:07:49 CST] <main>  INFO: id = 20210304210749-441
[2021-03-04 21:07:49 CST] <main>  INFO: iTMSTransporter Correlation Key: cff6a7f4-a738-4196-8d2c-e61fd143e8b1-0001
[2021-03-04 21:07:51 CST] <main> DBG-X: Apple's web service operation return value:
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter EnableJWTForAllCalls = false
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter SessionExpiration = 2021-03-08T13:07:51.847Z
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter MinimumFileSizeThresholdForCheckum = 104857600
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter SoftwareMediaDescriptionFormat = binary
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter SoftwareMediaDescriptionThresholds = {in-app-purchase-content={extensions=[pkg], size=100000000}, ccats={extensions=[pdf], size=100000000}, product-archive={extensions=[pkg], size=100000000}, developer-id-package={extensions=[zip, pkg, dmg], size=100000000}, bundle={extensions=[zip, ipa], size=100000000}, large-icon={extensions=[jpg, png, jpeg], size=100000000}}
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Success = true
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter StreamingSettings = {LogStreamingEnabled=true, MultipartUploadsEnabled=true, AssetDescriptionStreamingEnabled=false}
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter FilesToUpload = [metadata.xml, iFonts.zip]
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter AssetsToDescribe = []
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter CPUToken = 302871bd-5be0-43d9-99fa-4b34848102ae/1614863272256
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Checksums = {iFonts.zip=364c256b0986e9dc0e31f09630259c2b}
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter FileSizes = {iFonts.zip=88615564}
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter ShouldUseRESTAPIs = false
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter ProviderNameForToken = 8J3D69BAVX
[2021-03-04 21:07:51 CST] <main>  INFO: The list of files requested for upload by Apple is: [metadata.xml, iFonts.zip].  These are the files that will be uploaded.
[2021-03-04 21:07:51 CST] <main>  INFO: Nothing to describe for media analysis of assets
[2021-03-04 21:07:51 CST] <main> DBG-X: Memory: [JVM] 971M free, 1024M total, 2048M max [System] (Physical) 315M free, 16384M total (Swap) 0 free, 0 total
[2021-03-04 21:07:51 CST] <main> DBG-X: Using operation named: lookupTransportDiagnostic
[2021-03-04 21:07:51 CST] <main> DBG-X: Apple's web service operation input parameters:
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Application = iTMSTransporter
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter BaseVersion = 2.1.0
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Client = altool
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter ClientVersion = 4.029 (1194)
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter OSIdentifier = Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter StatisticsClientStartDateTimeZoneISO = 2021-03-04T21:07:51+08:00
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter TransporterArguments = -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Version = 2.1.0
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter iTMSTransporterMode = upload
[2021-03-04 21:07:51 CST] <main>  INFO: id = 20210304210751-342
[2021-03-04 21:07:51 CST] <main>  INFO: iTMSTransporter Correlation Key: cff6a7f4-a738-4196-8d2c-e61fd143e8b1-0001
[2021-03-04 21:07:51 CST] <main> DBG-X: Apple's web service operation return value:
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter AsperaLoggingLevel = OFF
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter EnableJWTForAllCalls = false
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter SigniantLoggingLevel = OFF
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter SessionExpiration = 2021-03-08T13:07:53.456Z
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter ShouldUseRESTAPIs = false
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter StreamingSettings = {LogStreamingEnabled=true, MultipartUploadsEnabled=true, AssetDescriptionStreamingEnabled=false}
[2021-03-04 21:07:51 CST] <main> DBG-X: Using operation named: createTestReservation
[2021-03-04 21:07:51 CST] <main> DBG-X: Apple's web service operation input parameters:
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Application = iTMSTransporter
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter BaseVersion = 2.1.0
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Client = altool
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter ClientVersion = 4.029 (1194)
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter fileDescriptions = ( one FileDescription )
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter iTMSTransporterMode = upload
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter NewPackageName = http-transport-diagnostic-20210304210751-CST-4158.itmsp
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter OSIdentifier = Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter TransporterArguments = -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Username = [email protected]
[2021-03-04 21:07:51 CST] <main> DBG-X:   parameter Version = 2.1.0
[2021-03-04 21:07:51 CST] <main>  INFO: id = 20210304210751-996
[2021-03-04 21:07:51 CST] <main>  INFO: iTMSTransporter Correlation Key: 8fdd4af0-c2f7-4558-a667-581c8cb2aa17-0001
[2021-03-04 21:07:53 CST] <main> DBG-X: Apple's web service operation return value:
[2021-03-04 21:07:53 CST] <main> DBG-X:   parameter EnableJWTForAllCalls = false
[2021-03-04 21:07:53 CST] <main> DBG-X:   parameter Reservations = ( one Reservation )
[2021-03-04 21:07:53 CST] <main> DBG-X:   parameter SessionExpiration = 2021-03-08T13:07:55.593Z
[2021-03-04 21:07:53 CST] <main> DBG-X:   parameter StreamingSettings = {MultipartUploadsEnabled=true, AssetDescriptionStreamingEnabled=false, LogStreamingEnabled=true}
[2021-03-04 21:07:53 CST] <main> DBG-X:   parameter Success = true
[2021-03-04 21:07:53 CST] <main>  INFO: Setting transport log file: /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/http-transport-diagnostic-20210304210751-CST-4158.itmsp15733166027633244469.log
[2021-03-04 21:07:53 CST] <main>  INFO: Starting upload for packageName: http-transport-diagnostic-20210304210751-CST-4158.itmsp
[2021-03-04 21:07:53 CST] <main>  INFO: Thread Pool Configuration: {rateLimit=100000000000 KBs, minConnections=6, coreThreads=6, perCoreThreadMultiplier=1.65, processors=8, maxThreads=14, maxConnections=13}
[2021-03-04 21:07:53 CST] <main>  INFO: Reservation CPUSource124/v4/a3/91/74/a3917471-3aa7-9e5c-1a33-a7d219fec450/http-transport-diagnostic-5557500294908610681.txt created for file: (http-transport-diagnostic-5557500294908610681.txt), part count:(1), file size: (199)
[2021-03-04 21:07:53 CST] <main>  INFO: Computing total size of files to upload ...
[2021-03-04 21:07:53 CST] <main> DBG-X:   adding file for % complete logging: http-transport-diagnostic-5557500294908610681.txt , size: 199
[2021-03-04 21:07:53 CST] <main> DEBUG: Setting total size of files for upload to: 199
[2021-03-04 21:07:53 CST] <main>  INFO: Done computing total size of files to upload.
[2021-03-04 21:07:53 CST] <RLT-001>  INFO: Starting upload for reservation: (CPUSource124/v4/a3/91/74/a3917471-3aa7-9e5c-1a33-a7d219fec450/http-transport-diagnostic-5557500294908610681.txt) file: (http-transport-diagnostic-5557500294908610681.txt/1) size: 199
[2021-03-04 21:07:55 CST] <RLT-001>  INFO:      File: http-transport-diagnostic-5557500294908610681.txt 199/199, 100.00% completed
[2021-03-04 21:07:55 CST] <RLT-001>  INFO: Package upload progress: 100.00% completed
[2021-03-04 21:07:56 CST] <RLT-001>  INFO: Finished part upload for: (http-transport-diagnostic-5557500294908610681.txt/1) 244.17 B/s in 0 seconds
[2021-03-04 21:07:56 CST] <RLT-001>  INFO: Finished upload for reservation: (CPUSource124/v4/a3/91/74/a3917471-3aa7-9e5c-1a33-a7d219fec450/http-transport-diagnostic-5557500294908610681.txt) file: (http-transport-diagnostic-5557500294908610681.txt)
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X: Using operation named: commitTestReservation
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X: Apple's web service operation input parameters:
[2021-03-04 21:07:56 CST] <main>  INFO: Waiting on reservation commit(s) to finish.
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter Application = iTMSTransporter
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter BaseVersion = 2.1.0
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter Client = altool
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter ClientVersion = 4.029 (1194)
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter iTMSTransporterMode = upload
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter NewPackageName = http-transport-diagnostic-20210304210751-CST-4158.itmsp
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter OSIdentifier = Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter reservations = [CPUSource124/v4/a3/91/74/a3917471-3aa7-9e5c-1a33-a7d219fec450/http-transport-diagnostic-5557500294908610681.txt]
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter TransporterArguments = -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter Username = [email protected]
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter Version = 2.1.0
[2021-03-04 21:07:56 CST] <pool-6-thread-1>  INFO: id = 20210304210756-303
[2021-03-04 21:07:56 CST] <pool-6-thread-1>  INFO: iTMSTransporter Correlation Key: 8fdd4af0-c2f7-4558-a667-581c8cb2aa17-0001
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X: Apple's web service operation return value:
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter EnableJWTForAllCalls = false
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter SessionExpiration = 2021-03-08T13:07:58.442Z
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter StreamingSettings = {MultipartUploadsEnabled=true, AssetDescriptionStreamingEnabled=false, LogStreamingEnabled=true}
[2021-03-04 21:07:56 CST] <pool-6-thread-1> DBG-X:   parameter Success = true
[2021-03-04 21:07:56 CST] <pool-6-thread-1>  INFO: Reservation committed: (CPUSource124/v4/a3/91/74/a3917471-3aa7-9e5c-1a33-a7d219fec450/http-transport-diagnostic-5557500294908610681.txt) file: (http-transport-diagnostic-5557500294908610681.txt)
[2021-03-04 21:07:56 CST] <pool-6-thread-1>  INFO: All reservation commit(s) finished.
[2021-03-04 21:07:56 CST] <main>  INFO: 72.81 B/s in 2 seconds
[2021-03-04 21:07:56 CST] <main>  INFO: JSON:{"msg":{"phase":"Upload","count":2,"description":"Validating assets","index":2},"messageType":"VerifyProgress"}
[2021-03-04 21:07:56 CST] <main> DEBUG: Using token file path /Users/hurry/Library/Caches/com.apple.amp.itmstransporter/UploadTokens/Hurry-MacBook.local_8J3D69BAVX_com.izihun.client.itmsp.token
[2021-03-04 21:07:56 CST] <main> DEBUG: Attempting exclusive file lock on token file
[2021-03-04 21:07:56 CST] <main> DEBUG: Token exists, examining
[2021-03-04 21:07:56 CST] <main> DEBUG: Token pid: 18484, found process = false; my pid: 20316
[2021-03-04 21:07:56 CST] <main> DEBUG: Reusing existing token: daf4ed3c-6ffc-441b-89f5-15b1520e5bcb/1614862823330
[2021-03-04 21:07:56 CST] <main> DEBUG: Set token: daf4ed3c-6ffc-441b-89f5-15b1520e5bcb/1614862823330
[2021-03-04 21:07:56 CST] <main> DBG-X: Memory: [JVM] 944M free, 1024M total, 2048M max [System] (Physical) 380M free, 16384M total (Swap) 0 free, 0 total
[2021-03-04 21:07:56 CST] <main>  INFO: JSON:{"msg":{"phase":"Upload","count":2,"description":"Validating assets","index":3},"messageType":"VerifyProgress"}
[2021-03-04 21:07:56 CST] <main> DBG-X: Deflated 528 bytes to 416
[2021-03-04 21:07:56 CST] <main> DBG-X: Using operation named: validateAssets
[2021-03-04 21:07:56 CST] <main> DBG-X: Apple's web service operation input parameters:
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter Application = iTMSTransporter
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter BaseVersion = 2.1.0
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter CPUToken = daf4ed3c-6ffc-441b-89f5-15b1520e5bcb/1614862823330
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter Client = altool
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter ClientVersion = 4.029 (1194)
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter Files = [iFonts.zip, metadata.xml]
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter MetadataChecksum = 9e297baec1929371851e1b0c913e07f5
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter MetadataCompressed = (suppressed)
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter MetadataInfo = {app_platform=osx, primary_bundle_identifier=com.izihun.client, device_id=, bundle_identifier=, packageVersion=software5.9, apple_id=, asset_types=[developer-id-package], bundle_version=, bundle_short_version_string=}
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter OSIdentifier = Mac OS X 11.2.2 (x86_64); jvm=14.0.2+12-iTunesOpenJDK-5; jre=14.0.2+12-iTunesOpenJDK-5
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter PackageName = com.izihun.client.itmsp
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter PackageSize = 88616092
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter RequestUUID = 2e39ba1e-244c-4f72-8a59-2880075a9d2f
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter StatisticsClientStartDateTimeZoneISO = 2021-03-04T21:07:56+08:00
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter Transport = HTTP
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter TransporterArguments = -m upload -u [email protected] -vp json -DTxHeaders=eyJqZW5nYSI6dHJ1ZX0= -sessionid @env:493ABF2F-680E-47CF-8066-A9DB875146EC -sharedsecret **hidden value** -f /var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp -indicator true -v eXtreme -Dtransporter.client=altool -Dtransporter.client.version=4.029 (1194)
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter Version = 2.1.0
[2021-03-04 21:07:56 CST] <main> DBG-X:   parameter iTMSTransporterMode = upload
[2021-03-04 21:07:56 CST] <main>  INFO: id = 20210304210756-330
[2021-03-04 21:07:56 CST] <main>  INFO: iTMSTransporter Correlation Key: cff6a7f4-a738-4196-8d2c-e61fd143e8b1-0001
[2021-03-04 21:07:57 CST] <main> DBG-X: Apple's web service operation return value:
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter EnableJWTForAllCalls = false
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter MinimumFileSizeThresholdForCheckum = 104857600
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter SoftwareMediaDescriptionFormat = binary
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter RestartClient = false
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter SoftwareMediaDescriptionThresholds = {in-app-purchase-content={extensions=[pkg], size=100000000}, ccats={extensions=[pdf], size=100000000}, product-archive={extensions=[pkg], size=100000000}, developer-id-package={extensions=[zip, pkg, dmg], size=100000000}, bundle={extensions=[zip, ipa], size=100000000}, large-icon={extensions=[jpg, png, jpeg], size=100000000}}
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter Success = false
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter Errors = [Unable to process the request. Please try again or use a different transport. (1360)]
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter FilesToUpload = [metadata.xml, iFonts.zip]
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter AssetsToDescribe = []
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter CPUToken = daf4ed3c-6ffc-441b-89f5-15b1520e5bcb/1614862823330
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter Checksums = {iFonts.zip=364c256b0986e9dc0e31f09630259c2b}
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter FileSizes = {iFonts.zip=88615564}
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter ErrorCode = 1360
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter ErrorMessage = Unable to process the request. Please try again or use a different transport. (1360)
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter ShouldUseRESTAPIs = false
[2021-03-04 21:07:57 CST] <main> DBG-X:   parameter ProviderNameForToken = 8J3D69BAVX
[2021-03-04 21:07:57 CST] <main> ERROR: Unable to process the request. Please try again or use a different transport. (1360)
[2021-03-04 21:07:57 CST] <main> DBG-X: The error code is: 1360
[2021-03-04 21:07:57 CST] <main>  INFO: Done performing authentication.
[2021-03-04 21:07:57 CST] <main>  INFO: JSON:{"msg":{"phase":"Upload","count":2,"description":"Operation failed","index":2},"messageType":"VerifyProgress"}
[2021-03-04 21:07:57 CST] <main> DBG-X: Returning 1
2021-03-04 21:07:57.896 altool[20306:145403]  Out:



Package Summary:
 
1 package(s) were not uploaded because they had problems:
	/var/folders/s2/yd78kjgx36g34hvc0259fw9r0000gn/T/C2914BC3-F7AE-49DF-977B-60FDF9759170/com.izihun.client.itmsp - Error Messages:
		Unable to process the request. Please try again or use a different transport. (1360)
2021-03-04 21:07:57.998 altool[20306:145393] *** Error: Unable to notarize app.
2021-03-04 21:07:57.998 altool[20306:145393] *** Error: code 1360 (Unable to process the request. Please try again or use a different transport. (1360))

Changelogs ?

Hi,

Could you provide some changelogs.md or add some more informations about the released version in github releases ?

Thanks

got successful message from apple, but failed by xcrun stapler staple command.

I got the successful message from apple

electron-notarize notarzation done with info: {
  uuid: 'xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx',
  date: 2021-05-11T08:32:28.000Z,
  status: 'success',
  logFileUrl: 'https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma115/v4/e3/09/ab/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx/developer_log.json?accessKey=xxxxxxxxx',
  statusCode: 0,
  statusMessage: 'Package Approved'
} +3s
  electron-notarize notarization was successful +1ms
  electron-notarize attempting to staple app: /Users/macrow/Projects/xxx +0ms

the error message is:

electron-notarize:spawn cmd xcrun terminated with code: 66 +37ms
(node:49685) UnhandledPromiseRejectionWarning: Error: Failed to staple your application with code: 66

Processing: /Users/macrow/Projects/xxx
Properties are {
    NSURLIsDirectoryKey = 1;
    NSURLIsPackageKey = 0;
    NSURLIsSymbolicLinkKey = 0;
    NSURLLocalizedTypeDescriptionKey = Folder;
    NSURLTypeIdentifierKey = "public.folder";
    "_NSURLIsApplicationKey" = 0;
}
Stapler is incapable of working with Folder files.

    at /Users/macrow/Projects/xxx/node_modules/electron-notarize/src/index.ts:158:11
    at Generator.next (<anonymous>)
    at fulfilled (/Users/macrow/Projects/xxx/node_modules/electron-notarize/lib/index.js:4:58)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:49685) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:49685) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
✨  Done in 599.73s.

what's wrong with the code? :(

why always error "Record not found"

Size of data is 165
JSON Response is: {
    records =     (
                {
            reason = "Record not found";
            recordName = "2/2/b5fba8fe2496ca996ebf4dbb82e134ed777fca0b";
            serverErrorCode = "NOT_FOUND";
        }
    );
}
CloudKit query for 帧享.app (2/b5fba8fe2496ca996ebf4dbb82e134ed777fca0b) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/b5fba8fe2496ca996ebf4dbb82e134ed777fca0b
The staple and validate action failed! Error 65.

error log https://gist.github.com/722433589a857599387e4e00b6c21743

sign.coffee

#!/usr/bin/env coffee

import {appBundleId} from './config.mjs'
import {notarize} from 'electron-notarize'
import {join,dirname} from 'path'
import {signAsync} from 'electron-osx-sign'
import thisdir from '@rmw/thisdir'

DIR = thisdir import.meta

do =>
  {argv,env} = process
  [app] = argv.slice(2)

  entitlements = join DIR,'i.plist'
  console.log 'sign', app
  await signAsync {
    app
    verbose:true
    entitlements
    'entitlements-inherit':entitlements
  }
  console.log 'signed'

  await notarize({
    appBundleId
    tool:'notarytool'
    appPath:app
    teamId: env.teamId
    appleId:env.appleId
    appleIdPassword:env.appleIdPassword
  })

  process.exit()

pkgutil --check-signature ../../release/帧享-darwin-x64/帧享.app

Big Sur Support

Hey there, Everything is working great on Catalina, but for Big Sur it's not accepting the notarization.

Add support for the new notarytool

Apple announced today a new tool called notarytool. It is to replace the xcrun altool command. It uses the new Apple backend that apparently is 4x faster.

Additionally, altool is now marked as deprecated.

Link: https://developer.apple.com/videos/play/wwdc2021/10261/

electron 10 and electron 9 is not sign ok

"electron": "^8.3.0",is ok but electron": "10.1.1 and electron 9 is not sign ok" i am use github actions
• packaging platform=darwin arch=x64 electron=10.1.1 appOutDir=dist_electron/mac
• downloading url=https://github.com/electron/electron/releases/download/v10.1.1/electron-v10.1.1-darwin-x64.zip size=76 MB parts=8
• downloaded url=https://github.com/electron/electron/releases/download/v10.1.1/electron-v10.1.1-darwin-x64.zip duration=1.803s
• signing file=dist_electron/mac/xxx.app identityName=Developer ID Application: xxxxx) identityHash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx provisioningProfile=none
ERROR Error: Command failed: codesign --sign 6885E750C2C5A4A86E5BC8599EA9CD3480F090A5 --force --keychain /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/95c4640e40a2a514e44b980605b0da40349af7a09b25d9f202864baad16279fc.keychain --options runtime --entitlements build/entitlements.mac.plist /Users/runner/work/yanbaoke-khd/yanbaoke-khd/dist_electron/mac/xxx.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
/Users/runner/work/yanbaoke-khd/yanbaoke-khd/dist_electron/mac/xxx.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework: code object is not signed at all
In subcomponent: /Users/runner/work/yanbaoke-khd/yanbaoke-khd/dist_electron/mac/xxx.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler

Error: Command failed: codesign --sign 6885E750C2C5A4A86E5BC8599EA9CD3480F090A5 --force --keychain /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/95c4640e40a2a514e44b980605b0da40349af7a09b25d9f202864baad16279fc.keychain --options runtime --entitlements build/entitlements.mac.plist /Users/runner/work/yanbaoke-khd/yanbaoke-khd/dist_electron/mac/xxx.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
/Users/runner/work/yanbaoke-khd/yanbaoke-khd/dist_electron/mac/xxx.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework: code object is not signed at all
In subcomponent: /Users/runner/work/yanbaoke-khd/yanbaoke-khd/dist_electron/mac/xxx.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Helpers/chrome_crashpad_handler

at ChildProcess.exithandler (child_process.js:294:12)
at ChildProcess.emit (events.js:198:13)
at ChildProcess.EventEmitter.emit (domain.js:448:20)
at maybeClose (internal/child_process.js:982:16)
at Socket.stream.socket.on (internal/child_process.js:389:11)
at Socket.emit (events.js:198:13)
at Socket.EventEmitter.emit (domain.js:448:20)
at Pipe._handle.close (net.js:607:12)

From previous event:
at module.exports.execFileAsync (/Users/runner/work/yanbaoke-khd/yanbaoke-khd/node_modules/vue-cli-plugin-electron-builder/node_modules/app-builder-lib/electron-osx-sign/util.js:41:10)
at /Users/runner/work/yanbaoke-khd/yanbaoke-khd/node_modules/vue-cli-plugin-electron-builder/node_modules/app-builder-lib/electron-osx-sign/sign.js:172:17
From previous event:
at signApplicationAsync (/Users/runner/work/yanbaoke-khd/yanbaoke-khd/node_modules/vue-cli-plugin-electron-builder/node_modules/app-builder-lib/electron-osx-sign/sign.js:127:6)
at /Users/runner/work/yanbaoke-khd/yanbaoke-khd/node_modules/vue-cli-plugin-electron-builder/node_modules/app-builder-lib/electron-osx-sign/sign.js:338:14
at process._tickCallback (internal/process/next_tick.js:68:7)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] electron:build-yun: npm install && vue-cli-service electron:build
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] electron:build-yun script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! /Users/runner/.npm/_logs/2020-09-02T03_37_30_036Z-debug.log
##[error]Process completed with exit code 1.

Uses wrong ascProvider / teamId?

I have multiple organization in my apple developer account. So the logical reason would be using teamId.

I was using following scripts:

require('dotenv').config();
const { notarize } = require('electron-notarize');

exports.default = async function notarizing(context) {
    const { electronPlatformName, appOutDir } = context;
    const appName = context.packager.appInfo.productFilename;
    console.log("PROVIDER", process.env.APPLE_ID_PROVIDER);
    return await notarize({
        tool: "notarytool",
        appBundleId: process.env.appId,
        appPath: `${appOutDir}/${appName}.app`,
        appleId: process.env.APPLE_ID,
        appleIdPassword: process.env.APPLE_ID_PASS,
        teamId: process.env.APPLE_ID_PROVIDER,
    });
};

And it sign successfully / no error were thrown - EXCEPT that the sign result is using wrong teamId. It uses automatically my own account teamId instead from the company's team Id which is set to process.env.APPLE_ID_PROVIDER. And I'm very sure that I've entered it correctly because the console.log("PROVIDER", ...) shows the correct company's team Id I wanted to have. "identityName=<Developer ID Application: *>" also shows the wrong team Id.

I've tried the legacy and notarytool, none of them were using the provider provided from "ascProvider" or "teamId", both were the same result.

Support notarizing Apple's "installer packages" (.pkg files).

In a sub-article to Apple's "Notarizing macOS Software Before Distribution" article, called "Customizing the Notarization Workflow", Apple says this:

The notary service accepts disk images (UDIF format), signed flat installer packages, and ZIP archives.

An "installer package" or a "flat installer package" is a .pkg file, it seems (article). Would you accept a PR that lets electron-notarize easily handle .pkg files?

electron-builder is easily configurable to output a signed .pkg file (doc), and notarizing it seems to be the natural thing to do. If I download and try to open a .pkg that hasn't been notarized, I get this message:

And I get no such message with a .pkg that has been notarized (more manually, with these steps, except using Xcode 12 instead of Xcode 10).

Can't get notarytool option working

If anybody's gotten notarytool working with electron-notarize please let me know. I'm happy to fix bugs or add documentation, but I can't figure out how to get notarytool to work with any of the available methods.

Legacy (altool) + password works

return notarize({
  tool: 'legacy',
  appPath,
  appBundleId: 'io.hypertools.Command-E',
  appleId,
  appleIdPassword,
}).catch((error) => {
  console.error(`configs/notarize.js: Notarization failed : ${error.message}`);
  process.exit(2);
});

notarytool + password doesn't work

// TODO: doesn't work
return notarize({
  tool: 'notarytool',
  appPath,
  appleId,
  appleIdPassword,
  teamId,
}).catch((error) => {
  console.error(`configs/notarize.js: Notarization failed : ${error.message}`);
  process.exit(2);
});

Fails with this error:

Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct.

I'm using the exact same values for appleId and appleIdPassword that I pass when using legacy (altool), these calls are in the same script and those variable have the same values.

notarytool + keychain + keychainProfile doesn't work

return notarize({
  tool: 'notarytool',
  appPath,
  // TODO: Fix these values
  // https://github.com/electron/electron-notarize/issues/88
  // * `keychain` shouldn't be required
  // * `keychainProfile` should work but just doesn't
  keychain: '/Users/standefer/Library/Keychains/login.keychain-db',
  keychainProfile: 'AC_PASSWORD',
}).catch((error) => {
  console.error(`configs/notarize.js: Notarization failed : ${error.message}`);
  process.exit(2);
});

Fails with this error:

Error: No Keychain password item found for profile: AC_PASSWORD

Run 'notarytool store-credentials' to create another credential profile.

I've tried the debug command security list-keychains to list all my keychains. I've tried other keychain values. I've tried modifying electron-notarize myself to omit the --keychain argument, but I've run into various issues.

Has anybody figured out how to get notifytool working? Even hints would be helpful... I'm willing to try out different combinations and make improvements to electron-notarize if anybody has any clues. But I'm stumped! If you've gotten it working please paste your notarize script in here! 🙏

More discussion in here: #88 At first I thought this was just an issue with the --keychain argument, but upon further investigation it seems something might be broken with how electron-notarize calls notarytool in general.

slower response from apple API server for UUID status

this is not a problem of this pkg but kinda need a solution because I am not sure if/when apple will improve this on their end. (or maybe I need to switch ISP lol)

I've been observing a lot of errors about
electron-notarize:spawn cmd xcrun terminated with code: 239
Error Packaging App: Error: Failed to check status of notarization request: XXXXX
altool[5307:3097828] *** Error: Apple Services operation failed. Could not find the RequestUUID.
in our ci runs

the app is still notarized correctly (I am getting all the emails about notarization completed and approved)

seems apple API server is responding way slower now (for us, at least) than before and 10 seconds wait we set within the notarization pkg is not enough anymore. I am guessing their server is taking a lot heavier load than before now that Catalina is GA-ed and they might have scaling problem.

network issue/delay causes electron-notarize to fail even though notarization succeeded.

Not sure how actionable this is but I just notarized an app and the CLI failed with the following message:

[...]
  electron-notarize zip succeeded, attempting to upload to apple +9s
  electron-notarize upload success +2m
  electron-notarize found UUID: <snip> +0ms
  electron-notarize checking notarization status:<snip> +4ms
Error: Failed to check status of notarization request: <snip>

2019-05-21 14:51:26.892 altool[2752:56346] *** Error: Apple Services operation failed. Could not find the RequestUUID.

    at /Users/kilian/workspace/personal/myapp/node_modules/electron-notarize/src/index.ts:98:11
[...]

(uuid removed, don't know if that's sensitive)

...and then moments later I received an email from Apple about how everything went fine and I should go and distribute my app.

A second attempt did work without any issues so it's likely some network + timing issue, but I thought I'd mention it anyway.

Notarize crashes m1 macbook pro

I used to deploy/notarize my electron app on an intel macbook pro (intel 2015). It's run into the recalled battery issues for that model, so I've replaced it with a MacBook Pro (13-inch, M1, 2020) while I wait for it to be repaired.

Issue is however that electron-notarize appears to completely crash the M1 (full shutdown and restart) if it is interrupted.

The computer going to sleep interrupts it, causing the crash. Disabling sleep seems to indicate that notarize simply hangs forever sometimes, and never resolves (had it sitting for over an hour, which I'd never seen on the intel macbook). Trying to ctrl-C out of the process also interrupts notarize, causing the crash.
Of note, notarize doesn't seem to hang every time, as I've had one build that did eventually resolve, but all previous and subsequent ones seem to get stuck indefinitely.

electron-notarize 1.2.1
node v14.16.1
electron-builder 23.0.2

notarize script as follows:

require('dotenv').config();
const { notarize } = require('electron-notarize');

exports.default = async function notarizing(context) {
  console.log(`starting notarizing`, context)

  const { electronPlatformName, appOutDir } = context;  

  if (electronPlatformName !== 'darwin') {
    return;
  }

  const appName = context.packager.appInfo.productFilename;

  console.log(`doing notarize`)
  const notarizeResult = await notarize({
    appBundleId: context.packager.info._configuration.appId,
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env.APPLEID,
    appleIdPassword: process.env.APPLEIDPASS,
  });

  console.log(`notarize complete`)

  return notarizeResult
};

upon restart, all I see in terminal is the following from the restored terminal window:

[...assorted building/packaging logs]
starting notarizing {
  [...snip]
}
doing notarize

[Restored Mar 29, 2022 at 4:06:17 PM]

Mac crash report as follows:

panic(cpu 1 caller 0xfffffe002c5febf8): Sleep transition timed out after 35 seconds while calling power state change callbacks. Suspected bundle: com.apple.iokit.IO80211Family. Thread 0x40afe.
Debugger message: panic
Memory ID: 0x6
OS release type: User
OS version: 21D62
Kernel version: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_ARM64_T8101
Fileset Kernelcache UUID: 7C53FB49FDE6F710235278E472070819
Kernel UUID: F5893147-A9D2-3D60-B5A4-E4AE9BA0A628
iBoot version: iBoot-7429.81.3
secure boot?: YES
Paniclog version: 13
KernelCache slide: 0x00000000244c4000
KernelCache base:  0xfffffe002b4c8000
Kernel slide:      0x0000000024cf4000
Kernel text base:  0xfffffe002bcf8000
Kernel text exec slide: 0x0000000024ddc000
Kernel text exec base:  0xfffffe002bde0000
mach_absolute_time: 0x18a277486ea
Epoch Time:        sec       usec
  Boot    : 0x6242530f 0x00042514
  Sleep   : 0x00000000 0x00000000
  Wake    : 0x00000000 0x00000000
  Calendar: 0x62436691 0x00076ffe

Zone info:
Foreign   : 0xfffffe0033510000 - 0xfffffe0033524000
Native    : 0xfffffe100061c000 - 0xfffffe300061c000
Readonly  : 0xfffffe14cd2e8000 - 0xfffffe1666c7c000
Metadata  : 0xfffffe8305c1c000 - 0xfffffe8311b54000
Bitmaps   : 0xfffffe8305c20000 - 0xfffffe8308828000
CORE 0 recently retired instr at 0xfffffe002bf6b90c
CORE 1 recently retired instr at 0xfffffe002bf6a320
CORE 2 recently retired instr at 0xfffffe002bf6b90c
CORE 3 recently retired instr at 0xfffffe002bf6b90c
CORE 4 recently retired instr at 0xfffffe002bf6b910
CORE 5 recently retired instr at 0xfffffe002bf6b910
CORE 6 recently retired instr at 0xfffffe002bf6b910
CORE 7 recently retired instr at 0xfffffe002bf6b910
CORE 0 PVH locks held: None
CORE 1 PVH locks held: None
CORE 2 PVH locks held: None
CORE 3 PVH locks held: None
CORE 4 PVH locks held: None
CORE 5 PVH locks held: None
CORE 6 PVH locks held: None
CORE 7 PVH locks held: None
CORE 0: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f762cbef0
CORE 1 is the one that panicked. Check the full backtrace for details.
CORE 2: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f7f4bbef0
CORE 3: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f7622bef0
CORE 4: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f7f6bbef0
CORE 5: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f7f27bef0
CORE 6: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f756fbef0
CORE 7: PC=0xfffffe002be66e30, LR=0xfffffe002be66e30, FP=0xfffffe6f7f49bef0
Panicked task 0xfffffe1b339f8678: 0 pages, 545 threads: pid 0: kernel_task
Panicked thread: 0xfffffe16686a5860, backtrace: 0xfffffe6f760eb3e0, tid: 277525
		  lr: 0xfffffe002be324c4  fp: 0xfffffe6f760eb450
		  lr: 0xfffffe002be32194  fp: 0xfffffe6f760eb4c0
		  lr: 0xfffffe002bf71984  fp: 0xfffffe6f760eb4e0
		  lr: 0xfffffe002bf6426c  fp: 0xfffffe6f760eb560
		  lr: 0xfffffe002bf61cbc  fp: 0xfffffe6f760eb620
		  lr: 0xfffffe002bde77f8  fp: 0xfffffe6f760eb630
		  lr: 0xfffffe002be31e0c  fp: 0xfffffe6f760eb9d0
		  lr: 0xfffffe002be31e0c  fp: 0xfffffe6f760eba40
		  lr: 0xfffffe002c644ca8  fp: 0xfffffe6f760eba60
		  lr: 0xfffffe002c5febf8  fp: 0xfffffe6f760ebd80
		  lr: 0xfffffe002c545a50  fp: 0xfffffe6f760ebdb0
		  lr: 0xfffffe002be83998  fp: 0xfffffe6f760ebe30
		  lr: 0xfffffe002be849ec  fp: 0xfffffe6f760ebf20
		  lr: 0xfffffe002bdf0e78  fp: 0x0000000000000000

last started kext at 977044390: com.apple.driver.driverkit.serial	6.0.0 (addr 0xfffffe002bbd5cd0, size 3432)
loaded kexts:
com.apple.filesystems.autofs	3.0
com.apple.fileutil	20.036.15
com.apple.driver.AppleBiometricServices	1
com.apple.driver.CoreKDL	1
com.apple.driver.AppleTopCaseHIDEventDriver	5020.1
com.apple.driver.BCMWLANFirmware4378.Hashstore	1
com.apple.driver.SEPHibernation	1
com.apple.driver.DiskImages.ReadWriteDiskImage	493.0.0
com.apple.driver.DiskImages.UDIFDiskImage	493.0.0
com.apple.driver.DiskImages.RAMBackingStore	493.0.0
com.apple.driver.DiskImages.FileBackingStore	493.0.0
com.apple.filesystems.apfs	1933.80.3
com.apple.driver.AppleSmartBatteryManager	161.0.0
com.apple.driver.AppleUSBDeviceNCM	5.0.0
com.apple.driver.AppleThunderboltIP	4.0.3
com.apple.driver.AppleALSColorSensor	1.0.0d1
com.apple.driver.AppleFileSystemDriver	3.0.1
com.apple.driver.ApplePMP	1
com.apple.driver.AppleAOPVoiceTrigger	100.1
com.apple.nke.l2tp	1.9
com.apple.filesystems.tmpfs	1
com.apple.driver.AppleSmartIO2	1
com.apple.driver.ApplePMPFirmware	1
com.apple.filesystems.lifs	1
com.apple.IOTextEncryptionFamily	1.0.0
com.apple.filesystems.hfs.kext	582.60.2
com.apple.security.BootPolicy	1
com.apple.BootCache	40
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib	1.0.0
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless	1.0.0d1
com.apple.driver.AppleDPDisplayTCON	1
com.apple.AppleEmbeddedSimpleSPINORFlasher	1
com.apple.driver.AppleSPMIPMU	1.0.1
com.apple.driver.AppleCS42L83Audio	530.2
com.apple.driver.AppleTAS5770LAmp	530.2
com.apple.driver.AppleSummitLCD	1.0.0
com.apple.driver.AppleAVE2	530.3.0
com.apple.driver.AppleMobileDispH13G-DCP	140.0
com.apple.driver.AppleT8020SOCTuner	1
com.apple.driver.AppleT8103CLPCv3	1
com.apple.driver.AppleAVD	555
com.apple.driver.AppleJPEGDriver	4.7.9
com.apple.AGXG13G	188.10
com.apple.driver.AudioDMAController-T8103	100.51
com.apple.driver.usb.AppleSynopsysUSB40XHCI	1
com.apple.driver.AppleSerialShim	1
com.apple.driver.AppleEventLogHandler	1
com.apple.driver.AppleS5L8960XNCO	1
com.apple.driver.AppleT8103PMGR	1
com.apple.driver.AppleS8000AES	1
com.apple.driver.AppleS8000DWI	1.0.0d1
com.apple.driver.AppleInterruptController	1.0.0d1
com.apple.driver.AppleBluetoothModule	1
com.apple.driver.AppleSamsungSerial	1.0.0d1
com.apple.driver.AppleBCMWLANBusInterfacePCIe	1
com.apple.driver.AppleT8020DART	1
com.apple.driver.AppleSynopsysMIPIDSI	1.0.0
com.apple.driver.AppleS5L8920XPWM	1.0.0d1
com.apple.driver.AppleS5L8940XI2C	1.0.0d2
com.apple.driver.AppleSPIMC	1
com.apple.driver.AppleT8101	1
com.apple.driver.AppleM68Buttons	1.0.0d1
com.apple.iokit.IOUserEthernet	1.0.1
com.apple.driver.usb.AppleUSBUserHCI	1
com.apple.iokit.IOKitRegistryCompatibility	1
com.apple.iokit.EndpointSecurity	1
com.apple.driver.AppleDiskImages2	126.60.3
com.apple.AppleSystemPolicy	2.0.0
com.apple.nke.applicationfirewall	402
com.apple.kec.InvalidateHmac	1
com.apple.kec.AppleEncryptedArchive	1
com.apple.driver.driverkit.serial	6.0.0
com.apple.kext.triggers	1.0
com.apple.iokit.IOAVBFamily	1010.2
com.apple.plugin.IOgPTPPlugin	1000.11
com.apple.iokit.IOEthernetAVBController	1.1.0
com.apple.driver.AppleMesaSEPDriver	100.99
com.apple.iokit.IOBiometricFamily	1
com.apple.driver.AppleActuatorDriver	5430.21
com.apple.driver.AppleMultitouchDriver	5430.21
com.apple.driver.AppleHSBluetoothDriver	5020.1
com.apple.driver.IOBluetoothHIDDriver	9.0.0
com.apple.driver.AppleHIDKeyboard	228
com.apple.driver.AppleTrustedAccessory	1
com.apple.iokit.AppleSEPGenericTransfer	1
com.apple.driver.AppleSEPHDCPManager	1.0.1
com.apple.driver.DiskImages.KernelBacked	493.0.0
com.apple.driver.AppleBTM	1.0.1
com.apple.driver.AppleXsanScheme	3
com.apple.driver.AppleConvergedIPCOLYBTControl	1
com.apple.driver.AppleConvergedPCI	1
com.apple.driver.AppleBluetoothDebug	1
com.apple.driver.usb.networking	5.0.0
com.apple.driver.AppleThunderboltUSBDownAdapter	1.0.4
com.apple.driver.AppleThunderboltDPInAdapter	8.5.1
com.apple.driver.AppleThunderboltDPAdapterFamily	8.5.1
com.apple.driver.AppleThunderboltPCIDownAdapter	4.1.1
com.apple.driver.AppleDCPDPTXProxy	1.0.0
com.apple.driver.AppleAOPAudio	102.2
com.apple.nke.ppp	1.9
com.apple.driver.DCPDPFamilyProxy	1
com.apple.driver.AppleBSDKextStarter	3
com.apple.filesystems.hfs.encodings.kext	1
com.apple.AGXFirmwareKextG13GRTBuddy	188.10
com.apple.AGXFirmwareKextRTBuddy64	188.10
com.apple.iokit.IONVMeFamily	2.1.0
com.apple.driver.AppleStockholmControl	1.0.0
com.apple.driver.AppleSPU	1
com.apple.driver.AppleHIDTransportSPI	5400.30
com.apple.driver.AppleHIDTransport	5400.30
com.apple.driver.AppleInputDeviceSupport	5400.30
com.apple.driver.AppleDiagnosticDataAccessReadOnly	1.0.0
com.apple.driver.AppleNANDConfigAccess	1.0.0
com.apple.driver.AppleDialogPMU	1.0.1
com.apple.driver.AppleHPM	3.4.4
com.apple.driver.AppleCSEmbeddedAudio	530.2
com.apple.driver.AppleEmbeddedAudio	530.2
com.apple.iokit.AppleARMIISAudio	100.1
com.apple.driver.DCPAVFamilyProxy	1
com.apple.driver.AppleSPMI	1.0.1
com.apple.iokit.IOMobileGraphicsFamily-DCP	343.0.0
com.apple.driver.AppleDCP	1
com.apple.driver.AppleFirmwareKit	1
com.apple.driver.ApplePassthroughPPM	3.0
com.apple.driver.AppleSART	1
com.apple.driver.AppleH13CameraInterface	4.87.0
com.apple.driver.AppleH10PearlCameraInterface	17.0.3
com.apple.driver.AppleH11ANEInterface	5.35.0
com.apple.iokit.IOGPUFamily	35.11
com.apple.driver.AppleUSBXDCIARM	1.0
com.apple.driver.AppleUSBXDCI	1.0
com.apple.iokit.IOUSBDeviceFamily	2.0.0
com.apple.driver.usb.AppleSynopsysUSBXHCI	1
com.apple.driver.usb.AppleUSBXHCI	1.2
com.apple.driver.AppleEmbeddedUSBHost	1
com.apple.driver.usb.AppleUSBHub	1.2
com.apple.driver.usb.AppleUSBHostCompositeDevice	1.2
com.apple.driver.AppleT8103TypeCPhy	1
com.apple.driver.ApplePMGR	1
com.apple.driver.AppleARMWatchdogTimer	1
com.apple.driver.usb.AppleUSBHostPacketFilter	1.0
com.apple.driver.AppleDisplayCrossbar	1.0.0
com.apple.iokit.IODisplayPortFamily	1.0.0
com.apple.driver.AppleTypeCPhy	1
com.apple.driver.AppleThunderboltNHI	7.2.8
com.apple.driver.AppleT8103PCIeC	1
com.apple.iokit.IOThunderboltFamily	9.3.3
com.apple.driver.ApplePIODMA	1
com.apple.driver.AppleT8103PCIe	1
com.apple.driver.AppleMultiFunctionManager	1
com.apple.driver.AppleBluetoothDebugService	1
com.apple.driver.AppleBCMWLANCore	1.0.0
com.apple.iokit.IO80211Family	1200.12.2b1
com.apple.driver.IOImageLoader	1.0.0
com.apple.driver.AppleOLYHAL	1
com.apple.driver.corecapture	1.0.4
com.apple.driver.AppleEmbeddedPCIE	1
com.apple.driver.AppleMobileDispH13G-DFR	140.0
com.apple.iokit.IOMobileGraphicsFamily	343.0.0
com.apple.driver.AppleMCA2-T8103	600.95
com.apple.driver.AppleEmbeddedAudioLibs	100.9.1
com.apple.driver.AppleFirmwareUpdateKext	1
com.apple.driver.AppleGPIOICController	1.0.2
com.apple.driver.AppleFireStormErrorHandler	1
com.apple.driver.AppleMobileApNonce	1
com.apple.iokit.IOTimeSyncFamily	1000.11
com.apple.driver.DiskImages	493.0.0
com.apple.iokit.IOGraphicsFamily	593
com.apple.iokit.IOBluetoothSerialManager	9.0.0
com.apple.iokit.IOBluetoothHostControllerUSBTransport	9.0.0
com.apple.iokit.IOBluetoothHostControllerUARTTransport	9.0.0
com.apple.iokit.IOBluetoothHostControllerTransport	9.0.0
com.apple.driver.IOBluetoothHostControllerPCIeTransport	9.0.0
com.apple.iokit.IOBluetoothFamily	9.0.0
com.apple.driver.FairPlayIOKit	68.13.1
com.apple.iokit.CSRBluetoothHostControllerUSBTransport	9.0.0
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport	9.0.0
com.apple.driver.AppleSSE	1.0
com.apple.driver.AppleSEPKeyStore	2
com.apple.driver.AppleUSBTDM	532.40.7
com.apple.iokit.IOUSBMassStorageDriver	209.40.6
com.apple.iokit.IOPCIFamily	2.9
com.apple.iokit.IOSCSIBlockCommandsDevice	452.60.2
com.apple.iokit.IOSCSIArchitectureModelFamily	452.60.2
com.apple.driver.AppleIPAppender	1.0
com.apple.driver.AppleFDEKeyStore	28.30
com.apple.driver.AppleEffaceableStorage	1.0
com.apple.driver.AppleCredentialManager	1.0
com.apple.driver.KernelRelayHost	1
com.apple.iokit.IOUSBHostFamily	1.2
com.apple.driver.AppleUSBHostMergeProperties	1.2
com.apple.driver.usb.AppleUSBCommon	1.0
com.apple.driver.AppleSMC	3.1.9
com.apple.driver.RTBuddy	1.0.0
com.apple.driver.AppleEmbeddedTempSensor	1.0.0
com.apple.driver.AppleARMPMU	1.0
com.apple.iokit.IOAccessoryManager	1.0.0
com.apple.driver.AppleOnboardSerial	1.0
com.apple.iokit.IOSkywalkFamily	1.0
com.apple.driver.mDNSOffloadUserClient	1.0.1b8
com.apple.iokit.IONetworkingFamily	3.4
com.apple.iokit.IOSerialFamily	11
com.apple.driver.AppleSEPManager	1.0.1
com.apple.driver.AppleA7IOP	1.0.2
com.apple.driver.IOSlaveProcessor	1
com.apple.driver.AppleBiometricSensor	2
com.apple.iokit.IOHIDFamily	2.0.0
com.apple.iokit.CoreAnalyticsFamily	1
com.apple.AUC	1.0
com.apple.iokit.IOAVFamily	1.0.0
com.apple.iokit.IOHDCPFamily	1.0.0
com.apple.iokit.IOCECFamily	1
com.apple.iokit.IOAudio2Family	1.0
com.apple.driver.AppleIISController	100.1
com.apple.driver.AppleAudioClockLibs	100.9.1
com.apple.driver.AppleM2ScalerCSCDriver	265.0.0
com.apple.iokit.IOSurface	302.11.1
com.apple.driver.IODARTFamily	1
com.apple.security.quarantine	4
com.apple.security.sandbox	300.0
com.apple.kext.AppleMatch	1.0.0d1
com.apple.driver.AppleMobileFileIntegrity	1.0.5
com.apple.security.AppleImage4	4.2.0
com.apple.kext.CoreTrust	1
com.apple.iokit.IOCryptoAcceleratorFamily	1.0.1
com.apple.driver.AppleARMPlatform	1.0.2
com.apple.iokit.IOStorageFamily	2.1
com.apple.iokit.IOSlowAdaptiveClockingFamily	1.0.0
com.apple.iokit.IOReportFamily	47
com.apple.kec.pthread	1
com.apple.kec.Libm	1
com.apple.kec.corecrypto	12.0



** Stackshot Succeeded ** Bytes Traced 422998 (Uncompressed 1075440) **

mapped file has no cdhash, completely unsigned?

Forking a Javascript file from my electron Main process works correctly without notarizing.

However, after successfully notarizing, I get this error in the main process when forking:

[2021-03-08 20:52:45.836] [info] FORKING PRODUCTION API /Users/jeffjassky/Projects/StoryFolderDesktop/dist_electron/mac/StoryFolder.app/Contents/Resources/app.asar/api-dist.js
[2021-03-08 20:52:46.512] [info] Window received message from API: Uncaught Exception: 2
Caught exception: Error: dlopen(/var/folders/g2/x9096kcj03j4lmn8vrzx37800000gn/T/.org.chromium.Chromium.SGkybo, 1): no suitable image found.  Did find:
	/var/folders/g2/x9096kcj03j4lmn8vrzx37800000gn/T/.org.chromium.Chromium.SGkybo: code signature in (/var/folders/g2/x9096kcj03j4lmn8vrzx37800000gn/T/.org.chromium.Chromium.SGkybo) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
	/var/folders/g2/x9096kcj03j4lmn8vrzx37800000gn/T/.org.chromium.Chromium.SGkybo: stat() failed with errno=17
Exception origin: uncaughtException
[2021-03-08 20:52:46.517] [info] API Process Disconnected
[2021-03-08 20:52:46.535] [info] API Process Exited
[2021-03-08 20:52:46.536] [info] API Process Closed

My very first guess, after coming across this electron/electron#19342 is that other things within my package may need additional codesigning. This is my first production electron app so just learning the ropes here.

Thanks, y'all.

Forward errors to stderr so users can debug issues

I got the error Failure! Error: Failed to check status of notarization request: ...

Running the xcrun altool --notarization-info ... command manually, I saw this error:
Agreeing to the Xcode/iOS license requires admin privileges, please run “sudo xcodebuild -license” and then retry this command.

Perhaps this tool could be better about either forwarding the error to stdout, or handling this error specifically, since in my case at least, there's a clear action the user needs to take, and I couldn't have known without reading the source of electron-notarize to track down the error manually..

Notarization failure after upgrading electron-forge

After upgrading Electron Forge to v6.0.0-beta.61, we got the following error in our CI:

Run yarn make
- Checking your system
✔ Checking your system
- Resolving Forge Config
✔ Resolving Forge Config
- Preparing to Package Application for arch: x64
We need to package your application before we can make it
- Compiling Main Process Code
✔ Compiling Main Process Code
- Compiling Renderer Template
✔ Compiling Renderer Template
- Compiling Renderer Preload: main_window
✔ Compiling Renderer Preload: main_window
✔ Preparing to Package Application for arch: x64
- Preparing native dependencies
✔ Preparing native dependencies
- Packaging Application
WARNING: Code sign failed; please retry manually. Error: No identity found for signing.

An unhandled rejection has occurred inside Forge:
Error: The appleId property is required when using notarization with appleIdPassword
    at Object.validateLegacyAuthorizationArgs (/Users/runner/work/nerdst/nerdst/node_modules/electron-notarize/src/validate-args.ts:36:13)
    at authorizationArgs (/Users/runner/work/nerdst/nerdst/node_modules/electron-notarize/src/legacy.ts:17:16)
    at Object.<anonymous> (/Users/runner/work/nerdst/nerdst/node_modules/electron-notarize/src/legacy.ts:58:10)
    at Generator.next (<anonymous>)
    at fulfilled (/Users/runner/work/nerdst/nerdst/node_modules/electron-notarize/lib/legacy.js:4:58)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)

My config in Electron Forge:

const { APPLE_ID, APPLE_PASSWORD, APPLE_DEVELOPER_IDENTITY } = process.env

module.exports = {
  packagerConfig: {
    asar: true,
    icon: './src/icons/app.icns',
    extraResource: ['./src/sounds/[REDACTED].aif'],
    osxSign: {
      identity: APPLE_DEVELOPER_IDENTITY,
      'hardened-runtime': true,
      entitlements: 'etc/entitlements.plist',
      'entitlements-inherit': 'etc/entitlements.plist',
      'signature-flags': 'library',
      'gatekeeper-assess': false,
    },
    osxNotarize: {
      appBundleId: '[REDACTED]',
      ascProvider: '[REDACTED]',
      appleId: APPLE_ID,
      appleIdPassword: APPLE_PASSWORD,
    },
    packageManager: 'yarn',
    executableName: '[REDACTED]',
  },

This works when I don't upgrade electron-forge which means those environment variables are indeed set in my secrets.

Error: Unnotarized Developer ID (but everything still works just fine)

When running electron-forge make, I get the following errors:

Code sign failed; please retry manually.
Unnotarized Developer ID

But everything seems to be working. I get an email from Apple saying that the app was successfully notarized, and I'm able to open the the .app file without having to mess around with security settings.

Here's all the output:

✔ Checking your system
✔ Resolving Forge Config
We need to package your application before we can make it
✔ Compiling Main Process Code
✔ Compiling Renderer Template
✔ Preparing to Package Application for arch: x64
✔ Preparing native dependencies
⠇ Packaging ApplicationWARNING: Code sign failed; please retry manually. Error: Command failed: spctl --assess --type execute --verbose --ignore-cache --no-cache /var/folders/b2/39r20yb11fbd_ymjrmvtf5y80000gn/T/electron-packager/darwin-x64/Plumb-darwin-x64/Plumb.app
/var/folders/b2/39r20yb11fbd_ymjrmvtf5y80000gn/T/electron-packager/darwin-x64/Plumb-darwin-x64/Plumb.app: rejected
source=Unnotarized Developer ID
✔ Packaging Application
Making for the following targets: zip
✔ Making for target: zip - On platform: darwin - For arch: x64

Travis-CI: xcrun: error: unable to find utility "altool", not a developer tool or in PATH

Hi,
I have applied your instructions from https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/ to our existing CICD pipeline and get the following error:
Error: Failed to upload app to Apples notarization servers
xcrun: error: unable to find utility "altool", not a developer tool or in PATH

Any thoughts much appreciated

Error: Unnotarized Developer ID (but everything works fine)

When running electron-forge make, I get the following errors:

Code sign failed; please retry manually.
Unnotarized Developer ID

Here's all the output:

✔ Checking your system
✔ Resolving Forge Config
We need to package your application before we can make it
✔ Compiling Main Process Code
✔ Compiling Renderer Template
✔ Preparing to Package Application for arch: x64
✔ Preparing native dependencies
⠇ Packaging ApplicationWARNING: Code sign failed; please retry manually. Error: Command failed: spctl --assess --type execute --verbose --ignore-cache --no-cache /var/folders/b2/39r20yb11fbd_ymjrmvtf5y80000gn/T/electron-packager/darwin-x64/Plumb-darwin-x64/Plumb.app
/var/folders/b2/39r20yb11fbd_ymjrmvtf5y80000gn/T/electron-packager/darwin-x64/Plumb-darwin-x64/Plumb.app: rejected
source=Unnotarized Developer ID
✔ Packaging Application
Making for the following targets: zip
✔ Making for target: zip - On platform: darwin - For arch: x64

--keychain argument not necessary

Can we get rid of it. Or at least make it optional. notarytool will just use the default keychain.

Notarize task started failing today

Using electron-notarize to submit an electron 8.x app. Everything worked fine until today. Now the notarize task fails with different errors:

RangeError: Invalid string length
or
An error occurred saving your changes to the Apple database

Note that the notarization still runs and finishes - I receive a mail from Apple that the app was notarized successfully. However, the electron build process fails long before that. Using Xcode 12.1 and macOS 10.15.7 and [email protected]

electron-notarize fails behind proxy server

I am using electron-builder in conjunction with electron-notify to sign and notarize my electron-based MacOS application. Unfortunately, the call to notarize() is failing with the following error:

  ⨯ Failed to upload app to Apple's notarization servers

*** Error: Unable to notarize app.
*** Error: An error occurred uploading to Apple Services. (-10000)
 Error:
[2021-07-23 15:53:49 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se8/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
[2021-07-23 15:55:05 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se7/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
[2021-07-23 15:56:22 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se6/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
[2021-07-23 15:57:38 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se5/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at com.apple.transporter.launcher.Application.start(Application.java:450)
	at com.apple.transporter.launcher.Application.main(Application.java:947)
Caused by: java.io.IOException: Could not connect to any repositories
	at com.apple.transporter.misc.RemoteBundleRepository.getRepositoryUriAndEtag(RemoteBundleRepository.java:227)
	at com.apple.transporter.misc.RemoteBundleRepository.loadResourcesFromRepository(RemoteBundleRepository.java:141)
	at com.apple.transporter.bootstrap.BootstrapperPhase1.downloadNeededBundles(BootstrapperPhase1.java:247)
	at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:97)
	at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:59)
	at com.apple.transporter.launcher.Launcher.launchBootstrapper(Launcher.java:37)
	... 6 more

 Out:

  failedTask=build stackTrace=Error: Failed to upload app to Apple's notarization servers
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             *** Error: Unable to notarize app.
*** Error: An error occurred uploading to Apple Services. (-10000)
 Error:
[2021-07-23 15:53:49 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se8/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
[2021-07-23 15:55:05 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se7/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
[2021-07-23 15:56:22 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se6/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
[2021-07-23 15:57:38 CDT] <main>  INFO: An error occurred checking the HEAD for: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se5/latest/repository.xml Operation timed out Exception's name: java.net.ConnectException, Exception's message: Operation timed out
java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at com.apple.transporter.launcher.Application.start(Application.java:450)
	at com.apple.transporter.launcher.Application.main(Application.java:947)
Caused by: java.io.IOException: Could not connect to any repositories
	at com.apple.transporter.misc.RemoteBundleRepository.getRepositoryUriAndEtag(RemoteBundleRepository.java:227)
	at com.apple.transporter.misc.RemoteBundleRepository.loadResourcesFromRepository(RemoteBundleRepository.java:141)
	at com.apple.transporter.bootstrap.BootstrapperPhase1.downloadNeededBundles(BootstrapperPhase1.java:247)
	at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:97)
	at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:59)
	at com.apple.transporter.launcher.Launcher.launchBootstrapper(Launcher.java:37)
	... 6 more
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Out:
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 at /Users/rpatrick/Projects/wktui/electron/node_modules/electron-notarize/src/index.ts:87:13
    at Generator.next (<anonymous>)
    at fulfilled (/Users/rpatrick/Projects/wktui/electron/node_modules/electron-notarize/lib/index.js:4:58)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)

Since it does not appear that electron-notarize is setting the env option for child_process.spawn(), I added a console.log() statement immediately prior to your call to spawn. Here is the output for the spawn() call to run xcrun. As you can see, http_proxy, HTTP_PROXY, https_proxy, HTTPS_PROXY, no_proxy, and NO_PROXY are all set correctly but the call is still failing to reach the Apple servers.

XXXXXXXXXXXXXXXXXXX cmd = xcrun, args = [
  'altool',
  '--notarize-app',
  '-f',
  '/var/folders/bk/wjh09t9x18d388989l3mdb_h0000gn/T/electron-notarize-rc3SlG/WebLogic Kubernetes Toolkit UI.zip',
  '--primary-bundle-id',
  '<redacted>.wktui',
  '-u',
  [Secret],
  '-p',
  [Secret]
], env = {
  http_proxy: 'http://<redacted-proxy-server>:80',
  https_proxy: 'http://<redacted-proxy-server>:80',
  no_proxy: '<redacted-no-proxy-list>',

  HTTP_PROXY: 'http://<redacted-proxy-server>:80',
  HTTPS_PROXY: 'http://<redacted-proxy-server>:80',
  NO_PROXY: '<redacted-no-proxy-list>',

  ELECTRON_GET_USE_PROXY: 'true',
  GLOBAL_AGENT_HTTPS_PROXY: 'http://<redacted-proxy-server>:80',

  NODE: '/usr/local/bin/node',
  INIT_CWD: '/Users/rpatrick/Projects/wktui/electron',
  SHELL: '/bin/zsh',

  npm_config_metrics_registry: 'https://<redacted-artifactory-server>/api/npm/npmjs-remote',
  npm_config_noproxy: '<redacted-no-proxy-list>',
  npm_config_registry: 'https://<redacted-artifactory-server>/api/npm/npmjs-remote',
  npm_config_globalconfig: '/usr/local/etc/npmrc',
  npm_execpath: '/usr/local/lib/node_modules/npm/bin/npm-cli.js',
  npm_package_json: '/Users/rpatrick/Projects/wktui/electron/package.json',
  _: '/Users/rpatrick/Projects/wktui/electron/node_modules/.bin/electron-builder',
  npm_config_userconfig: '/Users/rpatrick/.npmrc',
  npm_config_init_module: '/Users/rpatrick/.npm-init.js',
  npm_command: 'run-script',
  PWD: '/Users/rpatrick/Projects/wktui/electron',
  npm_lifecycle_event: 'build:installer',
  npm_package_name: 'wktui',
  npm_config_node_gyp: '/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js',
  npm_package_version: '1.0.0',
  npm_config_cache: '/Users/rpatrick/.npm',
  npm_lifecycle_script: 'electron-builder --config electron-builder.yaml',
  npm_config_user_agent: 'npm/7.19.1 node/v14.17.3 darwin x64 workspaces/false',
  npm_node_execpath: '/usr/local/bin/node',
  npm_config_prefix: '/usr/local',

  CSC_NAME: '<redacted>',
  APPLEID: '<redacted>',
  APPLEIDPASS: '<redacted>'

  ...
}

If I run this exact same build from the Internet without the proxy-related environment variables, the build is able to reach the Apple servers (it's currently failing on the server but it is reaching it and producing a server-side log file). Unfortunately, our CI server that will build and sign the application is on our corporate network so it will require using a proxy server to reach the Internet.

app_specific_password

with the following commandLine:
security add-generic-password -a "AC_USERNAME" -w <app_specific_password> -s "AC_PASSWORD"
how can I get the correct <app_specific_password>?

I have tried the actually appleIdPassword, but it still got error:
altool[42480:474497] *** Error: The keychain item 'AC_PASSWORD' was not found. Failed to get the password for the keychain item 'AC_PASSWORD'.

Electron-packager bundled notarize tool doesn't work.

Hi, I am try to notarize my app, but when I run it I get this error.

Unhanled error while polling the notarization status.

Recently I have been encountering a problem where the polling loop which waits for the notarization process to complete has been failing. It will check the status 3-4 times, and then it will fail.

09:47:21    'altool',
09:47:21    '--notarization-info',
09:47:21    'redacted',
09:47:21    '-u',
09:47:21    '*********',
09:47:21    '-p',
09:47:21    '*********'
09:47:21  ] opts: {}

09:47:22  events.js:292
09:47:22        throw er; // Unhandled 'error' event
09:47:22        ^
09:47:22  
09:47:22  Error: read EFAULT
09:47:22      at Pipe.onStreamRead (internal/stream_base_commons.js:209:20)
09:47:22  Emitted 'error' event on Socket instance at:
09:47:22      at emitErrorNT (internal/streams/destroy.js:106:8)
09:47:22      at emitErrorCloseNT (internal/streams/destroy.js:74:3)
09:47:22      at processTicksAndRejections (internal/process/task_queues.js:80:21) {
09:47:22    errno: -14,
09:47:22    code: 'EFAULT',
09:47:22    syscall: 'read'
09:47:22  }

Looks like probably the stream is being terminated and we don't get a result. The exception this generates is unhandled and as a result the process completes unsuccessfully. It seems like it may be best to continue to poll statuses unless this happens continuously.

Add CLI

This would be useful for people not using this add-on as a JS hook in electron-builder. Similar to how electron-osx-sign has them.

Someone has made a separate electron-notatize-cli package, but it's inconvenient because of being tied to whatever version of this package it specifies as a dependency. I asked them to open a PR here instead but it seems like they're not interested: https://gitlab.com/fozi/electron-notarize-cli/issues/1

Add a retry for stapling

Similar to the wait for notarize, occasionally staple will fail with a timeout to cloudkit servers, forcing a new build.

Support "early staple"

Often times stapler staple succeeds before the notarization backend returns a successful notarization status.

The notarization plugin for Fastlane supports this "feature" by calling it early staple (see here https://github.com/zeplin/fastlane-plugin-notarize/blob/master/lib/fastlane/plugin/notarize/actions/notarize_action.rb#L9)

What it does is essentially just checking wether xcrun stapler staple ... succeeds while polling for the notarization result.

The automated release is failing 🚨

🚨 The automated release from the `master` branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Missing CFA_HOST environment variable

Unfortunately this error doesn't have any additional information. Feel free to kindly ask the author of the @continuous-auth/semantic-release-npm plugin to add more helpful information.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Add support for API Key

In addition to username and password altool also supports API key and issuer. Supporting the later makes electron-notarize much more attractive for use in CI systems.

Keys can be obtained from here: https://appstoreconnect.apple.com/access/api

Here's an excerpt from the help of `altool` version `4.00.1181`

There are two methods available: user name with password, and apiKey with apiIssuer.

                -u, --username <username> Username. Required to connect for validation, upload, and notarization.
                -p, --password <password> Password. Required if username specified and apiKey/apiIssuer are not.
                                          If this argument is not supplied on the command line, it will be read from stdin.
                                          Alternatively to entering <password> in plaintext, it may also be specified using a '@keychain:'
                                          or '@env:' prefix followed by a keychain password item name or environment variable name.
                                          Example: '-p @keychain:<name>' uses the password stored in the keychain password item named <name>.
                                                                         You can create and update keychain items with the
                                                                         --store-password-in-keychain-item command.
                                          Example: '-p @env:<variable>'  uses the value in the environment variable named <variable>

                --apiKey <api_key>        apiKey. Required for JWT authentication while using validation, upload, and notarization.
                                          This option will search the following directories in sequence for a private key file
                                          with the name of 'AuthKey_<api_key>.p8':  './private_keys', '~/private_keys', '~/.private_keys',
                                          and '~/.appstoreconnect/private_keys'.
                --apiIssuer <issuer_id>   Issuer ID. Required if --apiKey is specified.

Error: Failed to upload app to Apple's notarization servers

2019-11-12 15:26:51.464 altool[63763:2512756] Error:
[2019-11-12 15:26:51 CST]

INFO: An error occurred downloading: https://contentdelivery.itunes.apple.com/transporter/repositories/j2se8/2.0.0/bundles/org.xerial.sqlite-jdbc-3.27.2.1.jar Connection reset Exception's name: java.net.SocketException, Exception's message: Connection reset

I look at this function，
const notarizeArgs = [
'altool',
'--notarize-app',
'-f',
zipPath,
'--primary-bundle-id',
opts.appBundleId,
...authorizationArgs(opts),
];

if (opts.ascProvider) {
  notarizeArgs.push('-itc_provider', opts.ascProvider);
}

const result = await spawn('xcrun', notarizeArgs);
if (result.code !== 0) {
  throw new Error(`Failed to upload app to Apple's notarization servers\n\n${result.output}`);
}

export const spawn = (
cmd: string,
args: string[] = [],
opts: SpawnOptions = {},
): Promise => {
d(
'spawning cmd:',
cmd,
'args:',
args.map(arg => (isSecret(arg) ? '*********' : arg)),
'opts:',
opts,
);
const child = cpSpawn(cmd, args, opts);
const out: string[] = [];
const dataHandler = (data: Buffer) => out.push(data.toString());
child.stdout!.on('data', dataHandler);
child.stderr!.on('data', dataHandler);
return new Promise(resolve => {
child.on('exit', code => {
d(cmd ${cmd} terminated with code: ${code});
resolve({
code,
output: out.join(''),
});
});
});
};

I don't know how this could happen，What should I do。

altool error

Hi! I have the next error during notarization

Error: Failed to find request UUID in output:

2019-10-22 04:13:50.995 altool[40274:1946835] *** Error: Unable to validate your application. We are unable to create an authentication session.

Signed electron app does not start with iohook on OSX (Unhandled Errpr: no suitable image found)

I have a signed and notarized App where I want to use iohook to simulate key taps. I had no problems building iohook locally but when I run it through the CI, where I sign and notarize the app, the app throws the following error upon starting:

Error: Failed to upload: XML document structures must start and end within the same entity.

Hmm, very strange.
Everything worked before. No new agreements to sign at developer.apple.com and appstoreconnect.apple.com.

Maybe it has something with installing the latest Catalina supplemental update?

Could someone test that please?

Os X: 10.15.6

"electron-builder": "^22.7.0" (also tried on 22.8.0)
"electron": "8.3.1"
"electron-notarize": "^1.0.0"

Error: Failed to upload app to Apple's notarization servers

2020-08-14 15:46:05.395 altool[4345:35320]  Error:
[2020-08-14 15:46:05 MSK] <main>  INFO: ParseError at [row,col]:[1824,2]
Message: XML document structures must start and end within the same entity. Exception's name: javax.xml.stream.XMLStreamException, Exception's message: ParseError at [row,col]:[1824,2]
Message: XML document structures must start and end within the same entity.
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at com.apple.transporter.launcher.Application.start(Application.java:220)
        at com.apple.transporter.launcher.Application.main(Application.java:658)
Caused by: com.apple.transporter.bootstrap.BundleNotFoundException: bundle=[org.apache.felix.configadmin] version=[1.9.10,2.0.0) not found.
        at com.apple.transporter.bootstrap.BootstrapperPhase1.downloadNeededBundles(BootstrapperPhase1.java:269)
        at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:97)
        at com.apple.transporter.bootstrap.BootstrapperPhase1.bootstrap(BootstrapperPhase1.java:59)
        at com.apple.transporter.launcher.Launcher.launchBootstrapper(Launcher.java:37)
        ... 6 more
2020-08-14 15:46:05.409 altool[4345:35320]  Out:
2020-08-14 15:46:05.423 altool[4345:35313] *** Error: Unable to notarize app.
2020-08-14 15:46:05.423 altool[4345:35313] *** Error: code -10000 (An error occurred uploading to the App Store.)

    at node_modules/electron-notarize/src/index.ts:87:13
    at Generator.next (<anonymous>)
    at fulfilled (node_modules/electron-notarize/lib/index.js:4:58)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

App upload intermittently fails

Periodically I see that uploading the app to Apple fails with this error:

2020-01-23T12:42:46.700Z electron-notarize zip succeeded, attempting to upload to Apple
/Volumes/macbuilder7/workspace/app/node_modules/electron-notarize/lib/index.js:4
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
                                                         ^
Error: Failed to upload app to Apple's notarization servers

2020-01-23 04:42:46.941 altool[28355:10218559] *** Error: Server returned an invalid MIME type: text/plain, body: Unauthenticated

Often, 2-3 concurrent builds will fail in the same way. Restarting them typically makes them pass. It seems the later calls within the notarization process are retried upon failure, and I see this same error successfully recovered from there. Could/should the same logic be applied to the upload step too?

Incorrect error log

Hi there.
I've got an error during notarization (You must first sign the relevant contracts online). But that's not the point. The terminal output log is incorrect. First it outputs an error info ("⨯ Failed to upload app to Apple's notarization servers", ...) then it duplicates it with 11480 spaces indent! See:

This is huge and non-readable piece of text. It can freeze a terminal application.
log notarizing.txt

Exported TypeScript types breaking change in 1.1.0

It appears that #82 made a breaking change to the exported types. src/index.ts no longer exports NotarizeCredentials and TransporterOptions which Electron Packager was using in its TypeScript definition.

Example of the breakage: https://github.com/electron-userland/electron-forge/pull/2434/checks?check_run_id=3284856055