
Debugging Common macOS App Notarization Issues

Notarizing macOS apps through Xcode often works smoothly, but challenges may arise when attempting to perform notarization in a Continuous Integration (CI) environment.

In my case, I use Fastlane’s notarize service in CI, but encountered vague errors without useful information, such as:

!’: [!] Could not notarize package with message ‘’ (FastlaneCore::Interface::FastlaneError)

The problem might be a code-signing issue or the hardened runtime not being enabled.

To get more detail about the notarization process, use the command line to list the history of your notarization submissions:

xcrun notarytool history --keychain-profile "AC_PASSWORD"

AC_PASSWORD here represents the App Store Connect login credentials saved in your keychain. If you don’t have one, you can create it with the following command:

xcrun notarytool store-credentials "AC_PASSWORD" --apple-id "AC_USERNAME" --team-id <WWDRTeamID> --password <secret_2FA_password>

You will receive a response similar to this:

Successfully received submission history.
  history
    --------------------------------------------------
    createdDate: 2022-07-10T07:10:34.822Z
    id: 11b77adb-4b92-4342-8451-94ff03250c08
    name: your_app.app.zip
    status: Invalid
    --------------------------------------------------
    createdDate: 2022-07-09T16:15:50.651Z
    id: 7a48b70b-3046-4eb3-a0a1-e3697e2dx396
    name: your_app.dmg
    status: Accepted
    --------------------------------------------------
    createdDate: 2022-07-09T15:55:44.196Z
    id: 03a0d79e-978c-4e45-81a2-f3sdd57d33d1
    name: your_app.dmg
    status: Accepted
    --------------------------------------------------
    createdDate: 2022-07-09T15:41:24.994Z
    id: d7bbf988-a69f-4ef3-ade2-48739c45353
    name: your_app.dmg
    status: Invalid
    --------------------------------------------------

Identify the invalid status entry, copy its ID, and retrieve the actual error information with the command:

xcrun notarytool log 11b77adb-4b92-4342-8451-94ff03250c08 --keychain-profile "AC_PASSWORD" developer_log.json

This will save the detailed error information to developer_log.json.
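As an added example (not part of the original post and not Apple or Fastlane tooling), the following Python script reads developer_log.json, lists each offending path once with the architectures it was reported for, and returns a non-zero exit code so the CI job fails with the real reason. The embedded sample log is constructed for illustration, and the field names (issues, severity, path, message, architecture) are assumed to match the log you download.

```python
import json
import sys
from collections import defaultdict
from pathlib import Path

# Constructed sample, modelled on the JSON that `notarytool log` writes.
# The path and message mirror the embedded-tool case described in this post.
SAMPLE_LOG = """
{
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "archiveFilename": "your_app.app.zip",
  "issues": [
    {"severity": "error", "architecture": "x86_64",
     "path": "your_app.app.zip/your_app.app/Contents/MacOS/CommandLineTool",
     "message": "The executable does not have the hardened runtime enabled."},
    {"severity": "error", "architecture": "arm64",
     "path": "your_app.app.zip/your_app.app/Contents/MacOS/CommandLineTool",
     "message": "The executable does not have the hardened runtime enabled."}
  ]
}
"""


def summarize(log):
    """Group issues by (severity, path, message) so each binary appears once."""
    grouped = defaultdict(set)
    for issue in log.get("issues") or []:  # "issues" may be null or absent
        key = (issue.get("severity", "unknown"), issue.get("path", "?"), issue.get("message", ""))
        grouped[key].add(issue.get("architecture") or "n/a")
    return [
        {"severity": sev, "path": path, "message": msg, "architectures": sorted(archs)}
        for (sev, path, msg), archs in sorted(grouped.items())
    ]


def exit_code(log):
    """Non-zero when the submission was not accepted or any error-level issue exists."""
    has_error = any(item["severity"] == "error" for item in summarize(log))
    return 1 if has_error or log.get("status") != "Accepted" else 0


if __name__ == "__main__":
    # Usage: python3 notary_report.py developer_log.json (no argument: use the sample)
    log = json.loads(Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_LOG)
    print(f"{log.get('archiveFilename')}: {log.get('status')} - {log.get('statusSummary')}")
    for item in summarize(log):
        print(f"[{item['severity']}] {item['path']} ({', '.join(item['architectures'])}): {item['message']}")
    sys.exit(exit_code(log))
```

Run it as a CI step right after the notarytool log command so the failing binary and message appear in the build output instead of the empty Fastlane error.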

In my case, the error was related to the hardened runtime not being enabled in a command-line tool embedded in my app. Armed with the actual error information, it becomes easier to address the issue.

In my situation, I resolved the problem by re-signing the command-line tool with the following command:

codesign --force --options runtime --sign "Developer ID Application: XXX PTY LTD (TEAM_ID)" CommandLineTool

After these adjustments, I re-ran the Fastlane notarize command, and the problem was resolved. If this solution does not address your specific issue, I highly recommend referring to the official Apple documentation on “Customizing the Notarization Workflow,” available here.

Additionally, for Fastlane notarize, consider using the App Store Connect API instead of username and password as secret environment variables. Encrypt your secret key before adding it to your git repository for added security. Further details can be found in this post, which discusses certificate encryption but is also applicable to the App Store Connect API secret key.

By following these steps, you can effectively address macOS app notarization challenges and ensure a seamless distribution process for your applications.
