Print notarization log on failure #1472
Comments
wiktor-k
added
the
enhancement
|
Agreed that this sounds like a worthwhile addition. In terms of implementation - I think you've found the right location for the code; the complication will be extracting the job ID so it can be passed into the request. |
|
Yep. I think that a smaller improvement, just mentioning in the error message that |
freakboy3742
added
the
good first issue
|
@wiktor-k Those pyside6 errors look unfortunately familiar, and this is probably a separate issue, but did you manage to address those and successfully sign & notarize that app? c.f. glyph/Encrust#7 — I am wondering if I need to pile more horrible hacks into my own tool or if briefcase has already figured out the correct technique here. |
Retrying the process got me a signed and notarized app. I don't think the second try ever failed but I'm not 100% sure. I'm actually super curious why notarization considers the binary unsigned (as evidenced by the log I attached) even though I'm sure briefcase signed it before notarization but sadly I don't have that much time to debug it in detail 😞 |
Briefcase is a bit more thorough about its discovery of which files to sign, so it should have caught this) but Qt is doing something weird that makes the usual code-signing process break. |
|
Working on this at Pycon 2024 |
What is the problem or limitation you are having?
When notarization fails it's not clear what went wrong.
Describe the solution you'd like
Automatically fetch the notarization log (e.g.
xcrun notarytool log 7d9249fb-f9ac-4bb1-b296-256ebabff66b --apple-id ... --team-id ...) and display to the user.Describe alternatives you've considered
Display a help message on notarization error printing the command the the user can run to learn more.
Additional context
Just for the record a sample log:
{ "logFormatVersion": 1, "jobId": "7d9249fb-f9ac-4bb1-b296-256ebabff66b", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "pks-2.0.0.dmg", "uploadDate": "2023-09-29T07:40:29.653Z", "sha256": "40125eba88640082a9f1098d9bb133cc584cf4c59c44e25c8e0e1431f9dd2eac", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "pks-2.0.0.dmg/pks.app/Contents/Resources/app_packages/PySide6/Qt/lib/QtWebEngineCore.framework/Versions/A/QtWebEngineCore", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "pks-2.0.0.dmg/pks.app/Contents/Resources/app_packages/PySide6/Qt/lib/QtWebEngineCore.framework/Versions/A/QtWebEngineCore", "message": "The signature of the binary is invalid.", "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087735", "architecture": "arm64" } ] }For the record I think the change should be somewhere around here. Submission errors are not the only ones that can trigger failure.
The text was updated successfully, but these errors were encountered: