2

My Delphi 10.3.2 app is failing Apple's notarization.

I've been able to get another different app to notarize successfully.

How do I view the log file that contains the results of the failed notarization?

(Xcode's instructions are no help as Xcode seems to think the logs are tied to Xcode product archives and this is a Delphi project.)

Turning on the verbose setting in the PAServer shows the last command using altool to request --notarization-info. This is the only command of its type. The email from Apple informing me that notarization failed arrives shortly after this command.

When my other project successfully notarizes, the --notarization-info command appears dozens of times in the PAServer before it is successful.

I went back and tried to notarize the project that has always succeeded. I got the email from Apple saying it was notarized but Delphi (not the PAServer) showed this error:

[PAClient Error] Error: E5896 2019-07-24 11:16:23.235 altool[2270:146899] *** Error: Apple Services operation failed. Could not find the RequestUUID.

Output from the PAServer:

> command_line: "/usr/bin/plutil" -convert binary1 "/Users/michaelleahy/PAServer/scratch-dir/Mikes SSD Dell-Mikes Dell SSD/ChessOpeningsWizardExpressBuild107.app/Contents/Info.plist"
> command_line: "/usr/bin/codesign" -o runtime --timestamp --entitlements "/Users/michaelleahy/PAServer/scratch-dir/Mikes SSD Dell-Mikes Dell SSD/ChessOpeningsWizardExpressBuild107.entitlements" --deep -s "Developer ID Application: Bookup" -f "/Users/michaelleahy/PAServer/scratch-dir/Mikes SSD Dell-Mikes Dell SSD/ChessOpeningsWizardExpressBuild107.app"
> command_line: "/usr/bin/ditto" -c -k --keepParent "/Users/michaelleahy/PAServer/scratch-dir/Mikes SSD Dell-Mikes Dell SSD/ChessOpeningsWizardExpressBuild107.app" "/Users/michaelleahy/PAServer/scratch-dir/Mikes SSD Dell-Mikes Dell SSD/ChessOpeningsWizardExpressBuild107.app.zip"
> command_line: "/usr/bin/xcrun" altool -t osx --notarize-app --primary-bundle-id com.bookup.chessopeningswizardexpress -u appleid@mysite.com -p lgsp-xxxx-yyyy-xxxx -f "/Users/michaelleahy/PAServer/scratch-dir/Mikes SSD Dell-Mikes Dell SSD/ChessOpeningsWizardExpressBuild107.app.zip"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"
> command_line: "/usr/bin/xcrun" altool --notarization-info 8a88a10f-3868-4958-8bca-10eea92a305b -u "appleid@mysite.com" -p "lgsp-xxxx-yyyy-xxxx"

I've since guessed at the problem. Apparently an unsigned executable was in the app bundle. In this case, code signing likely failed and Delphi ignored that. Removing the offending executable allowed the app to be notarized.

I can still find no way to view the logs from the notarization process.

Mike at Bookup
  • 1,211
  • 14
  • 32
  • Please turn the verbose setting on in PAServer by using the v command, and report where exactly the failure occurs (it outputs a whole bunch of info during the process) – Dave Nottage Jul 24 '19 at 02:13
  • Thanks for that tip. I've edited the question with the additional info. – Mike at Bookup Jul 24 '19 at 15:08
  • Ok.. that might be a bug in the process that PAServer uses. Can you provide a more complete output, starting from the first command that starts with: /usr/bin/xcrun altool? Make sure you don't include your app-specific password – Dave Nottage Jul 25 '19 at 02:15
  • "I can still find no way to view the logs from the notarization process". Once QP is back up, I'll file an enhancement request – Dave Nottage Jul 29 '19 at 01:24

1 Answers1

5

You must view the logs by running the command line ALTOOL in verbose mode. Here is what I have done:

"/usr/bin/ditto" -c -k --keepParent "/Users/eee/PAServer/scratch-dir/admin-MACMini/eee.Pkg.bak" "/Users/eee/PAServer/scratch-dir/admin-MACMini/eee.Pkg.zip"

"/usr/bin/xcrun" altool -t osx --notarize-app --primary-bundle-id za.co.eee -u eee@eee.co.za -p veet-teee-geee-xeee -f "/Users/eee/PAServer/scratch-dir/admin-MACMini/eee.Pkg.zip"

Notice the --verbose addition to the command line:

"/usr/bin/xcrun" altool --verbose --notarization-info 2ceeeb2c-eeee-eeee-bce8-16fae417eee2 -u "eee@eee.co.za" -p "eeet-eeen-eeh-xdha"

The error message is returned in JSON format. Look out for a URL that you need to copy and paste into your browser. Once you have pasted the URL, another JSON formatted message will be displayed. In there you will find the issue that caused the application not to be notirized:

"message": "The executable does not have the hardened runtime enabled.".

To fix this issue you must enable the following settings in the Delphi IDE:

Project Options -> Application -> Entitlement List

  1. Allow execution of JIT-compiled code = True
  2. Allow unsigned executable memory = True
  3. Disable executable memory protection = True

The notarization process should work now.

pptaszni
  • 5,591
  • 5
  • 27
  • 43
Stiaan Pretorius
  • 51
  • 1
  • 3