search

hydraulic-software / conveyor

Gradle plugin, user guide and discussion forums for Conveyor
https://conveyor.hydraulic.dev
Apache License 2.0
123 stars 9 forks source link

macos notarization missing secure timestamp #21

Closed ennerf closed 2 years ago

ennerf commented 2 years ago

Describe the bug

I followed the instructions on https://conveyor.hydraulic.dev/1.1/keys-and-certificates/#if-you-want-certificates to generate the distribution certificate, set app.mac.certificate to the resulting .cer file, and filled out the app.mac.notarization info. The app gets signed and uploaded, but I get invalid signature errors due to a missing timestamp.

resolving_common_notarization_issues

Full Output

❌ Apple did not approve the notarization request for submission <id>.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/Scope: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/Scope: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/logviewer: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/logviewer: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/streamviewer: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/streamviewer: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/imitation: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/MacOS/imitation: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libnet.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libnet.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libnio.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libnio.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libinstrument.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libinstrument.dylib: The signature does not include a secure times
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjavafx_iio.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjavafx_iio.dylib: The signature does not include a secure times
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libzip.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libzip.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libfreetype.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libfreetype.dylib: The signature does not include a secure timesta
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libsplashscreen.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libsplashscreen.dylib: The signature does not include a secure tim
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libdt_socket.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libdt_socket.dylib: The signature does not include a secure timest
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libj2pkcs11.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libj2pkcs11.dylib: The signature does not include a secure timesta
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjimage.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjimage.dylib: The signature does not include a secure timestamp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosxui.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosxui.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjdwp.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjdwp.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libawt_lwawt.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libawt_lwawt.dylib: The signature does not include a secure timest
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libglass.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libglass.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjavajpeg.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjavajpeg.dylib: The signature does not include a secure timesta
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libmlib_image.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libmlib_image.dylib: The signature does not include a secure times
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjavafx_font.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjavafx_font.dylib: The signature does not include a secure time
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libmanagement.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libmanagement.dylib: The signature does not include a secure times
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjsound.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjsound.dylib: The signature does not include a secure timestamp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjsig.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjsig.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprefs.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprefs.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjawt.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjawt.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libattach.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libattach.dylib: The signature does not include a secure timestamp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprism_common.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprism_common.dylib: The signature does not include a secure tim
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprism_es2.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprism_es2.dylib: The signature does not include a secure timest
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libfontmanager.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libfontmanager.dylib: The signature does not include a secure time
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/jspawnhelper: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/jspawnhelper: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosxsecurity.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosxsecurity.dylib: The signature does not include a secure time
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libdecora_sse.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libdecora_sse.dylib: The signature does not include a secure times
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/liblcms.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/liblcms.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libverify.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libverify.dylib: The signature does not include a secure timestamp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjava.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libjava.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libawt.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libawt.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosx.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosx.dylib: The signature does not include a secure timestamp.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprism_sw.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libprism_sw.dylib: The signature does not include a secure timesta
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosxapp.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/libosxapp.dylib: The signature does not include a secure timestamp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/server/libjvm.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/server/libjvm.dylib: The signature does not include a secure times
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/server/libjsig.dylib: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/runtime/Contents/Home/lib/server/libjsig.dylib: The signature does not include a secure time
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate: The signature does not include a secure
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Autoupdate: The signature does not include a secure
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle: The signature does not include a secure tim
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle: The signature of the binary is invalid.
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Sparkle: The signature does not include a secure tim
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater: The signature of
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater: The signature do
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater: The signature of
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/Updater.app/Contents/MacOS/Updater: The signature do
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.Downloader.xpc/Conte
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.Downloader.xpc/Conte
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.Downloader.xpc/Conte
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.Downloader.xpc/Conte
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.InstallerLauncher.xp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.InstallerLauncher.xp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.InstallerLauncher.xp
   • There was a problem of severity 'error' with scope-1.7.5-mac-amd64.zip/Scope.app/Contents/Frameworks/Sparkle.framework/Versions/B/XPCServices/org.sparkle-project.InstallerLauncher.xp
mikehearn commented 2 years ago

That's odd because it definitely does do the time-stamping step, and we notarize apps successfully all the time here. Either something changed this morning or there's an unexpected issue with your config/setup that isn't being caught earlier.

This one will benefit from logs and those can contain sensitive stuff (not passwords etc, those are redacted, but e.g. your config), so if you could please email contact@hydraulic.software we'll give you a command for enhanced logging and we'll take it from there.

mikehearn commented 2 years ago

The bug was identified and a fix will ship in the next update, which should be next week. Closing this issue.