First time that I’ve seen this error with SD Notary. The submission log says:

Warning: altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.

This causes SDN to reported an error (sorry lost the SDN report so, can’t provide capture). There is a folder on my Desktop entitled “[appletname] - Failed”

There is no notarised copy of the applet saved.

But the SD Notary log says:

15:03:28.909: No errors getting notarization info
Status: success
Status Code: 0
Status Message: Package Approved

If there a way I can force SD Notary to use “notarytool” ?

Thanks.

Can you send me the log for that submission?

Support for using notarytool will come, but it means dropping support for several versions of macOS, so we’re trying to stick with altool as long as possible. SD Notary should be ignoring the deprecation message, so your log would help understanding of why this didn’t happen. Please confirm you’re using version 1.4.12.

Hi, I observed the same error, below is the submission log (replaced privacy related data with “…”).

Thanks for your great software!

12:14:59.237: ****************************************************************************************

Beginning processing of dmg at ‘…’

---

12:14:59.240: Signing main file ‘…’…
12:14:59.907: Result for /usr/bin/codesign --force -o runtime --timestamp --verbose=4 -s Developer ID Application: … --digest-algorithm=sha1,sha256 …
Termination status: 0
StandardOut: (null)
StandardError: (null)
12:15:00.436: Uploading file to Apple for notarizing. This can take a while, depending on file size, upload speed, and any other uploads in progress. Do not interrupt this process…
12:15:11.990: Result for /usr/bin/xcrun altool --notarize-app -f … --output-format xml
Termination status: 0
StandardOut: <?xml version="1.0" encoding="UTF-8"?>

notarization-upload RequestUUID ... os-version 12.6.3 success-message No errors uploading '... tool-path /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework tool-version 6.043.14043 warnings code -1030 message altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software. userInfo NSLocalizedDescription altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.

StandardError: (null)
12:15:11.993: Upload result: No errors uploading ‘…’.
12:15:11.997: Checking for the result of Apple’s process. This usually takes several minutes, but could take even longer…
12:15:56.301: Result for /usr/bin/xcrun altool --notarization-info … -u … -p @keychain:SD Notarizing --asc-provider …
Termination status: 0
StandardOut: (null)
StandardError: 2022-12-19 12:15:55.137 *** Warning: altool has been deprecated for notarization and starting in late 2023 will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software. (-1030)

12:15:56.303:

It’s only a warning. The developers have known all about it for ages. You don’t have to do anything about it.

After a few months of no trouble, it’s happening again. I have two logs. The first was shown when I tried to notarise my applet:

The second was shown when I tried to Fetch History:

I’m sorry but, I can’t work out what to do. The app-specific password was old so, I revoked it and created a new one. I’ve check a number of times that it is correctly added to Keychain. The AppleID is correct. I have no team.

Why does the second error report “unable to find utility “altool”, not a developer tool or in PATH” ? Is that because I updated the Xcode and the command line tools yesterday ?

It might be related. Have you changed the path or name of Xcode?

No, I updated both when alerts advised they could be updated. In Xcode 14.3, altool is located in:

Xcode.app:Contents:SharedFrameworks:ContentDeliveryServices.framework:Versions:A:Frameworks:AppStoreService.framework:Versions:A:Support:altool

Did an “echo $PATH” which returned:

/opt/local/bin:/opt/local/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/Little Snitch.app/Contents/Components:/Library/Apple/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin

I had the same problem a few weeks ago but, decided to wait until I was ready to release my applet.

Check in Settings -> Locations that the correct Command Line Tools are selected.

Should it look like this ?

There are no options in the Command Line Tools drop down.

Yes, that’s correct.

As I can’t get SD Notary to work, I’ve tried to manually notarise my applet. That fails also but with this error:

Error: No Keychain password item found for profile:

I have checked the app-specific password in my Keychain. The name is correct, the account is correct (my AppleID) and the password is correct. In desperation, I set Access Control to “Allow all applications to access this item” but that gained no improvement.

Does anyone have an idea on what I’ve got wrong ?

Thanks.

So essentially you’re getting the same error both at the command line and SD Notary, which is at least good news from my point of view .

Have you logged into your developer account and checked there are no updated agreements you haven’t yet agreed to? That can lead to this sort of (misleading) error.

I did check the agreements on Monday. I’ve check again:

Another wrinkle is that the AppleID I use when logged into the user account I use for development is different to the AppleID I use for my Developer Account. It has been that way for years but, in case it was am issue, I signed out of the usual AppleID and signed in to the Developer AppleID. That was a pile of pain with various passwords and passcodes and passkeys and whatever but eventually, I was signed in. Then, tried to notarise my applet with SD Notary => same error as before.

Later this morning, I’m going to check permissions on the various keychain db files in case that’s an issue. I’ll also make a plea for help on the Developer Forum – although, they tend to reply with RTFM.

UPDATE: I have tried to notarise the applet from th command line using “notarytool”. That has failed as reported above. Just now, I tried to notarize using the “altool”. The result was:

xcrun: error: unable to find utility “altool”, not a developer tool or in PATH

Odd as “altool” is located [deeply] inside the Xcode bundle. I dragged a copy of “altool” into “/Library/Developer/CommandLineTools/usr/bin/” [where “notarytool” is located] and tried again. Result was this:

~ % xcrun altool --help
dyld[1819]: Library not loaded: @rpath/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation
Referenced from: /Library/Developer/CommandLineTools/usr/bin/altool
Reason: tried: ‘/Library/Developer/CommandLineTools/usr/bin/…/…/…/…/…/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/SharedFrameworks/ContentDeliveryServices.framework/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/bin/…/…/…/…/…/…/…/…/…/SharedFrameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/bin/…/…/…/…/…/…/…/…/…/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/bin/…/…/…/…/…/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/SharedFrameworks/ContentDeliveryServices.framework/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/bin/…/…/…/…/…/…/…/…/…/SharedFrameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/Library/Developer/CommandLineTools/usr/bin/…/…/…/…/…/…/…/…/…/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file), ‘/System/Library/Frameworks/ITunesConnectFoundation.framework/Versions/A/ITunesConnectFoundation’ (no such file, not in dyld cache)
zsh: abort xcrun altool --help

UPDATE 2: Some progress. I used notarytool to add a new login item:

xcrun notarytool store-credentials --apple-id “[my appleid]” --team-id “[my team id]”

Entered a new profile name and the app-specific password. Result included:

Validating your credentials…
Success. Credentials validated.
Credentials saved to Keychain.

Weirdly, I can’t see that new item in Keychain Access. Where could it be ?

Anyway, I then tried notarytool again to notarize my applet. This time, it uploaded and was processed. But, it failed with the following on every executable in the applet bundle:

“The executable does not have the hardened runtime enabled.”

I think this means that notarytool could see the new Keychain login item. So, I tried to use that in SD Notary. But, that failed again with:

Unknown problem using altool. Check that the app-specific password, Apple ID, and team provider name are correct.

The fact that I can’t see the new login item in Keychain Access probably means something. Next, will try to enable hardened runtime on all the executables.

UPDATE 3: Success, I think. Took 5 hours but, I have a run-only, code-signed, notarised and stapled applet. This was the process:

1. Export run-only applet from Script Debugger (signed with entitlements)

2. Probably not needed but, didn’t hurt:

codesign -s “[team ID]” -o runtime --timestamp --deep -f [name of].app

For some reason, the notarising process did not see that all executables were signed when exported from SD so, I had to manually code-sign the applet. I ended up to code-signing each executable separately. Probably, I miss-typed the codesign command but, it still worked enough:

codesign -s “[team ID]” -o runtime --timestamp --deep -f [name of].app/Contents/MacOS/applet
codesign -s “[team ID]” -o runtime --timestamp --deep -f [name of].app/Contents/Resources/[other executables]

3. Make the applet into an archive using “ditto”. NB, the result of Finder’s “Compress” command didn’t work with the notarise process.

ditto -c -k --sequesterRsrc --keepParent [name of].app ~/Desktop/[name of].zip

4. Submit for notarization. NB I still cannot see the app-specific password in Keychain Access.

xcrun notarytool submit “[name of].zip” --keychain-profile “[profile name]” --wait

5. Tried to staple the notarized app but bounced with error: “xcode-select: error: tool ‘stapler’ requires Xcode, but active developer directory ‘/Library/Developer/CommandLineTools’ is a command line tools instance”. I checked “Locations” settings in Xcode – they were all correct. So, had to switch to an admin user account and get stapling to work:

sudo xcode-select -r
stapler staple

6. Switched back to developer user account to staple the notarized app:

stapler staple /Users/macytdl/Desktop/[Name of].app
Processing: /Users/macytdl/Desktop/[Name of].app
Processing: /Users/macytdl/Desktop/[Name of].app
The staple and validate action worked!

I wish I could get SD Notary to work. Maybe the Xcode reset I did will help. But, how do I get SD Notary to use the app-specific password when I can’t see it ?

UPDATE 4: SD Notary is working again.

As expected, SD Notary bounced the new profile I had used with notarytool:

Invalid Apple ID, or invalid key for app-specific password in login keychain.

So, I entered the name of the old app-specific password – which had failed before => Success.

14:44:10.201: The submission has been notarized and will now be stapled…
14:44:10.790: Stapling succeeded.

Perhaps the problem was that after updating to macOS 13.3, I installed Xcode 14.3 and, after that, the CommandLineTools. I think to get SD Notary to work it was necessary to issue the “sudo xcode-select -r”.

Many thanks to Dr Google; StackOverFlow; and the author of NotarizeApp.

Selecting the right version in Xcode’s Settings/Preferences does the same thing.

I wonder if a restart after updating Xcode would have solved the problem.

It’s a new security measure. Credentials stored by notarytool cannot be retrieved any other way.

There was no choice visible. There was one entry in the drop down control beside “Command Line Tools”. Despite that I selected and clicked it many times with no effect.

I’ve checked that I really did update Command Line Tools:

~ % softwareupdate --history | grep “Command Line Tools for Xcode”
Command Line Tools for Xcode 13.4 20/05/2022, 15:18:14
Command Line Tools for Xcode 14.0 14/09/2022, 11:18:51
Command Line Tools for Xcode 14.2 09/03/2023, 14:47:07
Command Line Tools for Xcode 14.3 31/03/2023, 11:25:11

I’ve just looked at your screenshot above again. I didn’t notice it before, but you can see it says (No Xcode Selected). That’s very odd – something weird happened with the installation, by the look of it.