Hi Shane & LNS. Firstly thank you VERY much for SD Notary. I use it often to greatly simplify the minefield of Apple notarization for the apps I am making
I have hit a problem however with a couple of Automator applications that I use. The screenshot above shows the very simple one step app that I use to Split PDFs within one of the tools. Even extracting from the tool I cannot seem to code sign it. So far I have tried:
Exporting from Automator with a Developer ID Application attached.
Saving as an app and running through SD Notary
Saving as an app and running the line here before
Placing inside an applet and signing that through SD Notary
I still get a report back from Apple that mentions
The signature does not include a secure timestamp.
The executable does not have the hardened runtime enabled.
The signature of the binary is invalid.
I'm using SD Notary v1.4.3
Hope you can help, let me know if you need anything else from me
Did you save or export from Automator?
If exporting, did you codesign in Automator?
When running through SD Notary
Did you change the default settings?
Did you need an app specific password?
Did you press the "Sign Only?" button or otherwise
I've become accustomed to using sign only in SD Notary and then apply hardened run time to the wrapper app in Xcode.
I have never submitted using SD Notary as I bundle several dozen apps into each main Xcode product app and then use that to sign and apply hardened runtime when building. I then package into a DMG and notarise that through altool
This works well for all my Script Editor apps.
Just not able to do this for the couple of Automator apps I use.
When trying to submit the Automator apps through SD Notary I get:
Package Summary:
1 package(s) were not uploaded because they had problems:
/var/folders/6z/qq359z7s0jlf_0xb5p3k1wj80000gn/T/4CCEDA1B-4C54-43A8-A216-5375350909C9/Untitled.itmsp - Error Messages:
Your Apple ID account is attached to other providers. You will need to specify which provider you intend to submit content to. Please contact us if you have questions or need help. (1627)
You're doing it the hard way. Add the apps to your Xcode app, make a release build (Build For Profiling), then use SD Notary to sign that. Everything in the bundle will be signed recursively. Then you can make the .dmg and submit that.
That means you need to supply a Provider short name. Click the Choose… button and select the appropriate one.
I am not surprised I am doing it the hard way. It does seem hard but at least it is a way that is working! I add other things to the DMG, so doesn't the DMG then also need to be notarized?
Yes, I am using app-specific passwords when using SD Notary to successfully "Sign Only…" my Script Editor made applications and the same app-specific password when using altool through Terminal on the final DMG.
Do I need a different app specific password for Automator made applications?
The app-specific password is not used in that case – it's only used for notarizing.
I'm not sure I can add much more. If you want to let Xcode do the signing of your main bundle, and to use Terminal for altool, you might as well just use codesign in Terminal to sign the Automator actions, and skip SD Notary altogether.
I have not, as yet, ever used codesign in Terminal. This is why I like SD Notary so much. I haven't had to work out how to do that!
So as it stands I am left unable to sign the Automator made apps using SD Notary in the same way I use SD Notary successfully to sign Script Editor made apps.
I'm not sure how you can successfully code sign your "Application Stub" and I cannot.
"issues": [
  {
    "severity": "error",
    "code": null,
    "path": "CircularFLO_2020.0.36.dmg/CircularFLO.app/Contents/Resources/Split_PDF.app/Contents/MacOS/Application Stub",
    "message": "The signature of the binary is invalid.",
    "docUrl": null,
    "architecture": "x86_64"
  },
  {
    "severity": "error",
    "code": null,
    "path": "CircularFLO_2020.0.36.dmg/CircularFLO.app/Contents/Resources/Split_PDF.app/Contents/MacOS/Application Stub",
    "message": "The executable does not have the hardened runtime enabled.",
    "docUrl": null,
    "architecture": "x86_64"
  }
]
Can you suggest a reason? or if I need to figure how to codesign in Terminal the best resource for that info please?
Thanks again for your time and expertise. Really appreciate it.
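A small triage script for an issue list like the one quoted above, added here as an example (it is not part of the original thread or of SD Notary). It groups errors per binary, derives the bundle nesting from the path, and maps the three messages reported in this thread to the codesign option to check first; the sample log and the names Example.dmg, Example.app and Helper.app are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the issue list quoted above
# (Example.dmg, Example.app and Helper.app are placeholder names).
STUB = "Example.dmg/Example.app/Contents/Resources/Helper.app/Contents/MacOS/Application Stub"
SAMPLE_LOG = json.dumps({"issues": [
    {"severity": "error", "code": None, "path": STUB, "docUrl": None,
     "message": "The signature of the binary is invalid.", "architecture": "x86_64"},
    {"severity": "error", "code": None, "path": STUB, "docUrl": None,
     "message": "The executable does not have the hardened runtime enabled.",
     "architecture": "x86_64"},
]})

# Notary message -> codesign option or check to look at first.
HINTS = {
    "The signature does not include a secure timestamp.":
        "re-sign with: codesign --timestamp",
    "The executable does not have the hardened runtime enabled.":
        "re-sign with: codesign --options runtime",
    "The signature of the binary is invalid.":
        "sign nested code before its container, then check: codesign --verify --strict",
}

def bundle_chain(path):
    """Containers (.dmg / .app) enclosing the binary, outermost first."""
    return [part for part in path.split("/") if part.endswith((".dmg", ".app"))]

def triage(log_text):
    """Group error messages per binary and attach a first thing to check."""
    log = json.loads(log_text)
    by_path = defaultdict(list)
    for issue in log.get("issues") or []:   # handles a missing or null list
        if issue.get("severity") == "error":
            by_path[issue["path"]].append(issue["message"])
    report = []
    for path, messages in by_path.items():
        chain = bundle_chain(path)
        report.append({
            "binary": path.rsplit("/", 1)[-1],
            "chain": chain,
            # More than one .app in the path means an app embedded in another app.
            "nested": sum(c.endswith(".app") for c in chain) > 1,
            "actions": [HINTS.get(m, "unrecognised message: " + m) for m in messages],
        })
    return report

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(" > ".join(entry["chain"]), "::", entry["binary"])
        for action in entry["actions"]:
            print("   -", action)
```

The quoted fragment in the post starts at "issues"; wrap it in braces to get a complete JSON object before passing it to `triage`.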
The file is being signed fine. The problem is happening when Xcode tries to sign the full app that contains it. If you let SD Notary sign the completed app rather than Xcode, as I outlined above, the problem should go away.
Turn off the hardened runtime in Xcode and just use ad-hoc or signed to run locally. Then use SD Notary to do the signing.
(I suspect Xcode is trying to override the Automator app's signature. But Automator apps need special treatment because their bundle layout breaches Apple's recommendations, and Xcode doesn't understand how to do it.)
I am unable to do that currently as I get a "Your Apple ID account is attached to other providers. You will need to specify which provider you intend to submit content to. Please contact us if you have questions or need help."
Which is untrue (the Apple ID is NOT attached to other providers) and I read on the Apple Dev forums that this may be a bug. This is not a SD Notary problem and so I will attempt to pick that up with Apple.
As and when I have that solved… I will try again to use SD Notary to do the signing and confirm back here if I have success!
FWIW, there's another tool that can do what SD Notary does, with more options, including the ability to add the "hardened runtime" setting to existing code. It also manages your signing certs better and remembers your settings per app.
It's not free but I found it worth its money:
I believe version 4 is currently in beta and free to try. Why don't you have a go at it and report back if that helps?
The developer is also very approachable and currently open to any suggestions while working on the new version.