Our MacOS application is Java/jar code packaged with JRE and few Python and Bash scripts. The shipping format is PKG. Starting from Catalina we have issues with the notarization process. The PKG is notarized per Apple documentation and "staple validate" says:
Processing: /Users/user/projects/osx/proc/target/signed.product.pkg
Properties are {
NSURLIsDirectoryKey = 0;
NSURLIsPackageKey = 0;
NSURLIsSymbolicLinkKey = 0;
NSURLLocalizedTypeDescriptionKey = "Installer package";
NSURLTypeIdentifierKey = "com.apple.installer-package-archive";
"_NSURLIsApplicationKey" = 0;
}
Sig Type is RSA. Length is 3
Sig Type is CMS. Length is 3
Package signed.product.pkg uses a checksum of size 20
Terminator Trailer size must be 0, not 3416
{magic: t8lr, version: 1, type: 2, length: 3416}
Found expected ticket at 151375717 with length of 3416
JSON Data is {
records = (
{
recordName = "2/1/ad6df2e38bee327fa8d92cc18376e9e3a0544cb3";
}
);
}
Headers: {
"Content-Type" = "application/json";
}
Domain is api.apple-cloudkit.com
Response is <NSHTTPURLResponse: 0x7fd65e808ac0> { URL: https://api.apple-cloudkit.com/database/1/com.apple.gk.ticket-delivery/production/public/records/lookup } { Status Code: 200, Headers {
"Apple-Originating-System" = (
UnknownOriginatingSystem
);
Connection = (
"keep-alive"
);
"Content-Encoding" = (
gzip
);
"Content-Type" = (
"application/json; charset=UTF-8"
);
Date = (
"Tue, 24 Sep 2019 06:10:54 GMT"
);
Server = (
"AppleHttpServer/e70a1a237a4f"
);
"Strict-Transport-Security" = (
"max-age=31536000; includeSubDomains;"
);
"Transfer-Encoding" = (
Identity
);
Via = (
"xrail:st13p00ic-zteu25203601.me.com:8301:19B135:grp60",
"icloudedge:sv05p00ic-ztde010716:7401:19RC512:San Jose"
);
"X-Apple-CloudKit-Version" = (
"1.0"
);
"X-Apple-Request-UUID" = (
"40f7db26-f1ee-4af2-9db8-f83f7de55ce6"
);
"X-Responding-Instance" = (
"ckdatabasews:16300501:st42p63ic-ztfb05111901:8201:1917B122:5619602cc516f30b4d2db23ce52800aafe114e31"
);
"access-control-expose-headers" = (
"X-Apple-Request-UUID, X-Responding-Instance",
Via
);
"apple-seq" = (
0
);
"apple-tk" = (
false
);
} }
Size of data is 5169
JSON Response is: {
records = (
{
created = {
deviceID = 2;
timestamp = 1569243563364;
userRecordName = "_d28c74d190a3782e89496b0a13437fef";
};
deleted = 0;
fields = {
signedTicket = {
type = BYTES;
value = "czhjaAEAAADvBQAAEQcAADCCBeswggL9MIICpKADAgECAghyVR35ZD6UaDAKBggqhkjOPQQDAjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MDUyMTIwMTIwMVoXDTIwMDYxOTIwMTIwMVowRDEgMB4GA1UEAwwXU29mdHdhcmUgVGlja2V0IFNpZ25pbmcxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcM02cIkH7otsVJzD3Bt6AjHCHVsyVrAqKLr95MykwzNMtiK+ZhzkJdc6QFwM8M6XzCobq/Kvt5tW1yj+/yds0KOCAVAwggFMMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUeke6OIoVJEgiRs2+jxokezQDKmkwQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUFBzABhiVodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFzaWNhNDAyMIGWBgNVHSAEgY4wgYswgYgGCSqGSIb3Y2QFATB7MHkGCCsGAQUFBwICMG0Ma1RoaXMgY2VydGlmaWNhdGUgaXMgdG8gYmUgdXNlZCBleGNsdXNpdmVseSBmb3IgZnVuY3Rpb25zIGludGVybmFsIHRvIEFwcGxlIFByb2R1Y3RzIGFuZC9vciBBcHBsZSBwcm9jZXNzZXMuMB0GA1UdDgQWBBRYmLDEYCL4LthLgvzPxOkatBKchzAOBgNVHQ8BAf8EBAMCB4AwEAYKKoZIhvdjZAYBHgQCBQAwCgYIKoZIzj0EAwIDRwAwRAIgG39IK5gVF0xyZXM3j31gq1chV/pBWnkoj8Ia3FZlgK8CIFmwlWdAPXNY8XlSKwI4X1BKQ6QN3unHIu2cSE9WErJEMIIC5jCCAm2gAwIBAgIIMw3u+L9MaC4wCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwSQXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTcwMjIyMjIyMzIyWhcNMzIwMjE4MDAwMDAwWjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBmukVm99nyfRzjaOkhtWzVQ2ZErJlGiZ+skgfuL1WA/c4mrrGUcvLu87pAG0ARNEfFomraCcKSWK5eYGb098WqOB9zCB9DAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw3qFYM4iapIqZ3r6966/ayySrMEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZXJvb3RjYWczMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMB0GA1UdDgQWBBR6R7o4ihUkSCJGzb6PGiR7NAMqaTAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCEQQCBQAwCgYIKoZIzj0EAwMDZwAwZAIwFQypjsavlmlrp5/dXNQDWWyuUtRgxot24LfFovEJfOCa42ux43wxxCd6p46J/at3AjBhMyDxKf/5hzKuKchkPXZ7UaTSAi92vmAikfHVOnXctOLGKpb+xgncSk/VJPD8yrJnOHRrAgAUAFUAAAAAAAAATM+IXQAAAAABrW3y44vuMn+o2SzBg3bp46BUTLMC5EQv0/hTABwGeDNINIxB3Ty21MECHeN1EEmlL7VYDORjo6myoGwgpKkCh9erOmpeMikWdB+v+h0xq8itB28CioYHNPpMqzeSzXtD0cWqLO9nPiEC64Nc7ZWhoUb+vxyqJTG0uBYyt/IChEeiEO+uWf/br6gioEK6N60GINwC4Q7lokAvrzdXpXzdjx+zyW6sy2ACNRwpCDkisoh0mByppv1gZAUYa1ACJAiALorOmLa/3NI8PO0epnNX6kMCUwZ2SDg4q/YFqzASgQwB3h2y7EYC3+Ieuq1+vlouRDnG0Q0FnD/5tYwCEIMgrYC+eL7WYa+Lh+hJbwQLpvUCdqw0y44OL+DhCk/c79+PcUed/OMCoalN4qJruqlQeqtvxonYrilPMfECeHxPL0YswLVA38A7oknkiC0MTPsChtcBV1BaAkLh+EO1zIgKRcAcbukCs2KReeE+yZghc8Tt9QqmNJNYfBACFygqr3YtIOXKYTib7mFO5U2F/YgCNE6wFUxTzFelIGebM5gZFBymI5EC+5ruzxSAU7NEt/+8To5KT1LeCcYCTHdbLjBzm+OanYbh0j+9OvYIiRsCvWbPmclEytGUxEtI8nuUijHprMoCzrti8OHauZr7vvkrDzvMQIqn+1ACKWrRLrGhkxsE6cgMvmjug9irQwICa2v4VWAcBE+tmZ6qxJUzxJh583YCR3XYyBLV8LpdYmzcxcf1giVx6ywCYiLhYZjuxzIn95/TWnzXFK7afdMCOwZY8+gG1eqfnL6GPCjyhfO2BO0CfX01E9L9gu8t6fMEeCw9pbGiZ3oCYUu2y49cv2ky3uJ9q1r79pj4l4UCyc6DawTcQOSLjlTsHOziPL8uPPsCer6bj+k2lZzys/nXzNL7P9ce2pICDvo4MtkTgctzO0MJD44AaRujdjkCJZxl9C+vZ2WxvHkk45EUCQWJ/fgCD0T5T1p52sXXTsAb159VJp39cXsCmduHzAb0KCPmDSpkdhuj3JdRTyoCwgmzIC1g0y2EvNjpOtXhaRZMP00CtWshyOpZayRPaLWAlu05ZWhVA2ICkufnsUZ0esbKHE5mSkYOF63LDaECPanNxRg49qDTvdtD1tRUcVg+Bg4C92ZzB4qlJ8FWSg9AjuiyGZescnMCKUEpdbvXvw7p9AJ8snu9SGtzwFcC23Ih1LPUT3t+65PAc/nCEMz4SaMCMOxRU64KpwBT8TwLDFmAa1b+X4YCfa/gS4bZ4IQxlpDZEZy+9gOQN5wCRjVa11CI6ChQFHe7KfkYyE15WfICTfSds4Ujxp6+Rmd3npwGxFbDwJkCPTSvF5htuWkbnBPfH5WQGSLAdU4CmsqCoFodYkzAtuzKPeOptb2ljVUC7zdlAXPchrVq9P7fb+KRnu7rjggC2oP4qwJwJ+Kfriw/9uUb45OoPdoC48JIPVZwSBx9CjlnCs7ZKxyoZtYCrhmXwW2pYNVlMfXBEWry92xor1gCcVdNWvNRcW+SlBQSZEpvFAqEJrACYktevHlvri3x3d3mu12rJTHPweUCpnSqAlcezHbX4Daw6vyyINVEHTAC3mwzNo7KhMtixG0sInVGjW++nYQCBPSewF6pJGzB/dBUYPZoxDrwP3ICjmulPtpXapbigDjBkwou5QjAlIMCOWXejHj17LUSiKpmiry7Q8t7+QUCkBQ9hizM05/bGF1wUiMKNJETresCCms359jD3EnFB8rYMRnD987FXtsCETPXuGMQrjqb5qyi0z9LXDkEKHwC6vS0AJSYJn+Fr6+HBaybK/qwzIgCx4j6/BJ75DU4FsAYCMlKs25rwoMCVqhbHRgNOOj/23OhzVGvCqr9DJYCdMl6m+2yuBHvqYHY6qU759Q5e54C+JkIP72PuEmwogrRoiu4k4SSPq8CerQzpO7uoEqhjZwx9iuJY2zT4VUC9eC280CjyuItXYbU9k0C07KgEfACN7wycuTwGkYgHpdo+c+pHHtl/L8CyD3OmGxEFcqRVuFFDnL3gphDbKkCa9xRMhggUtLQNZJ0IA2EQbz3w2UCcFNyhODkD2oPM8EI590901qn0qACV5TfEj68sqsd3sSZg/jbXUfsixICKGwIx+jBHQk7q/Xnun0lZGccKZUCms/Vu7+zV5chE10PKidLqVKQmMwCaeix8pOee2KBao7y+Ntdo5d7v2ECa6W4ZNzbjTXkyvE5Zi/qT4HOYwYC4icChG0sTtaUB31uMa7xii0gDEACD3EXemO1BicfiWVJzo2zZLdwQjYCoY1WxYFypjPXHH+Z1PxXeLXxm54CezSi2ohI6P8hPl68d9jYLdGM8LYCeM2Vxq3FDsliVZRF/7d4VsPa50owRQIgJFhXVLK0jnYPUJYwR7Wiyn7OCLbrYi2Y5wZ1tOxs17kCIQCf31QPmRewxFl/xhsUQERJKZ/rqBl8LmBbMg/oRX8mygA=";
};
};
modified = {
deviceID = 2;
timestamp = 1569247052443;
userRecordName = "_d28c74d190a3782e89496b0a13437fef";
};
pluginFields = {
};
recordChangeTag = k0wf3mub;
recordName = "2/1/ad6df2e38bee327fa8d92cc18376e9e3a0544cb3";
recordType = DeveloperIDTicket;
}
);
}
Downloaded ticket has been stored at file:///var/folders/73/9y0xfbc15js0h2c_cpr5qjkr0000gp/T/40f7db26-f1ee-4af2-9db8-f83f7de55ce6.ticket.
The validate action worked!
The notarized PKG installs well on the same machine where created but fails on other Catalinas.
What could be wrong?
