App Wrapper 3.9 Beta 4, now with Hardened Runtime & Notarization

  1. ‹ Older
  2. 3 months ago

    Philip C

    Nov 7 Pre-Release Testers, Xojo Pro Cooroy, QLD, Australia

    For uploads, need to prove an app specific password. Does that mean one needs to use Apple's methodology for initial upload and set up before using this function in AppWrapper?

  3. Sam R

    Nov 7 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @Philip C For uploads, need to prove an app specific password. Does that mean one needs to use Apple's methodology for initial upload and set up before using this function in AppWrapper?

    In the tests that I’ve done; I’ve not set any specific passeords per application. And only used my code to upload.

  4. Jerry F

    Nov 12 Pre-Release Testers, Xojo Pro Florissant MO USA

    This is the log error I get when I try. This is after signing and hardening the app, then creating/signing the dmg with DMG Canvas. This is on 10.14.1 with Xcode 10.1. Command line utilities are installed (at least Homebrew is happy), so I don't know what I'm missing.

    11/12/18 5:12:02 PM StatusChanged: Ready to submit to Apple.
    11/12/18 5:12:07 PM StatusChanged: Queued for upload.
    11/12/18 5:12:07 PM StatusChanged: Uploading 11.1 MB to Apple...
    11/12/18 5:12:07 PM xcrun: error: unable to find utility "altool", not a developer tool or in PATH

    11/12/18 5:12:07 PM Unable to convert the upload response into a dictionary
    11/12/18 5:12:07 PM StatusChanged: Unable to process the result, please see the log

  5. Jerry F

    Nov 12 Pre-Release Testers, Xojo Pro Florissant MO USA

    Never mind--- sudo xcode-select --switch /Applications/Xcode.app fixed it :-)

  6. Sam R

    Nov 12 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @Jerry F Never mind--- sudo xcode-select --switch /Applications/Xcode.app fixed it :-)

    Interesting; thanks for the information. Had you actually opened Xcode 10.1?

  7. Björn E

    Nov 13 Pre-Release Testers, Xojo Pro Iceland

    I had to also do that when I did my first Stamping about 2 weeks ago.

    @Sam R Interesting; thanks for the information. Had you actually opened Xcode 10.1?

    I had to also do that when I did my first Stamping about 2 weeks ago.

    So his case is definitely not one off case.

  8. Jerry F

    Nov 13 Pre-Release Testers, Xojo Pro Florissant MO USA

    Yes, I had opened Xcode some time before; it always does the "installing additional components" thing when I first do so. There is a chance I'm thinking of 10.0, and not 10.1.

    I did have to go to the Apple dev site, to create an application-specific password, for this to work, unlike (if I understand correctly) Sam's case. Also, at this moment I can only notarize .pkg files, as opposed to my customary .dmg. When I try with .dmg I get a "no mountable filesystems" error at the end of the process. I am using DMG Canvas, both separately and with AppWrapper integration; the template is set to default HFS+ case-insensitive. I can send the log if that would help.

  9. Sam R

    Nov 13 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @Björn Eiríksson So his case is definitely not one off case.

    Intersting; I'll look into it ASAP.

    @Jerry Fritschle I did have to go to the Apple dev site, to create an application-specific password, for this to work, unlike (if I understand correctly) Sam's case.

    hmmm... I wonder what causes this; both App Wrapper and the other application are NOT on the App Store and I created a sample application specifically for testing this process and specifically didn't configure anything with Apple before hand. To basically see if I needed to complete this step or not; especially as the limited documentation didn't make it clear if setting an app password was required or not.

    You did sign it with a code signature that's registered to your Apple Developer account?

    @Jerry Fritschle I am using DMG Canvas, both separately and with AppWrapper integration; the template is set to default HFS+ case-insensitive. I can send the log if that would help.

    Yes, please. I want to keep this process as simple as possible, Maybe you can also give me a link to download your DMG so I can compare that with the App Wrapper DMG (which was accepted by Apple). Did you create the DMG on 10.14?

  10. Jerry F

    Nov 14 Pre-Release Testers, Xojo Pro Florissant MO USA

    The DMG was created on 10.14.1. My Apple Certificates are in order, per the Codesign Diagnostics in AppWrapper. What I believe to be the relevant part of the log is here:

    11/14/18 11:02:58 AM <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>notarization-info</key>
    <dict>
    <key>Date</key>
    <date>2018-11-14T17:01:19Z</date>
    <key>RequestUUID</key>
    <string>dfeecfa4-72eb-424a-8fdd-cb3c200a1239</string>
    <key>Status</key>
    <string>in progress</string>
    <key>Status Code</key>
    <integer>2</integer>
    <key>Status Message</key>
    <string>Package Invalid</string>
    </dict>
    <key>os-version</key>
    <string>10.14.1</string>
    <key>success-message</key>
    <string>No errors getting notarization info.</string>
    <key>tool-path</key>
    <string>/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/Frameworks/ITunesSoftwareService.framework</string>
    <key>tool-version</key>
    <string>1.1.1138</string>
    </dict>
    </plist>

    11/14/18 11:02:58 AM StatusChanged: Analysis still in progress
    11/14/18 11:03:56 AM StatusChanged: Checking with Apple for analysis results...
    11/14/18 11:03:57 AM <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>notarization-info</key>
    <dict>
    <key>Date</key>
    <date>2018-11-14T17:01:19Z</date>
    <key>LogFileURL</key>
    <string>https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma118/v4/12/25/e5/1225e51f-196f-6dc1-24fb-eaeebf5d2f10/developer_log.json?accessKey=1542409437_2519063862023711622_O1xL1uEG4N5uR6G3d05nbiobxKchXTtE0DtqVQni1vq0zamCv7Miprt0VErMg6KRpXXrOCk4CHG4xwZuAs1JFaYoBSnmhYwLmKqusnxKpqD8DlHxT10SNVzHIhDo%2FPHuLQLvTfl9mNlZwJcVpQ6y9wcmelQgD5PJ27wbOFtVzKc%3D</string>
    <key>RequestUUID</key>
    <string>dfeecfa4-72eb-424a-8fdd-cb3c200a1239</string>
    <key>Status</key>
    <string>invalid</string>
    <key>Status Code</key>
    <integer>2</integer>
    <key>Status Message</key>
    <string>Package Invalid</string>
    </dict>
    <key>os-version</key>
    <string>10.14.1</string>
    <key>success-message</key>
    <string>No errors getting notarization info.</string>
    <key>tool-path</key>
    <string>/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/Frameworks/ITunesSoftwareService.framework</string>
    <key>tool-version</key>
    <string>1.1.1138</string>
    </dict>
    </plist>

    11/14/18 11:03:57 AM Has a remote log, requesting that now
    11/14/18 11:03:57 AM StatusChanged: Package Invalid retrieving the remote log...
    11/14/18 11:03:58 AM Remote Log: {"logFormatVersion": 1, "jobId": "dfeecfa4-72eb-424a-8fdd-cb3c200a1239", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "Demo_FTProofsheet_Client.dmg", "uploadDate": "2018-11-14T17:01:19Z", "sha256": "39c38c87a8ed922f9359a404684c36535f3e14f5952a497dea06d05f00a32f2c", "ticketContents": null, "issues": [{"severity": "error", "code": null, "path": "Demo_FTProofsheet_Client.dmg", "message": "b'hdiutil: attach failed - no mountable file systems\\n'", "docUrl": null, "architecture": null}]}
    11/14/18 11:03:58 AM b'hdiutil: attach failed - no mountable file systems\n' in Demo_FTProofsheet_Client.dmg

  11. Jerry F

    Nov 26 Pre-Release Testers, Xojo Pro Florissant MO USA
    Edited 3 months ago

    I stepped away from this problem for awhile. As it happens, I wiped and restored my system in the meantime. That's a long story that had to do with Time Machine weirdness. Using the AppWrapper Beta, I notarized a .dmg installer (having, again, only succeeded with .pkg before) quite nicely.

    While I am not sure, it is possible that my problem before was that DMG Canvas was saving its .dmg file to my desktop, which syncs with iCloud Drive. I learned a long time ago not to code sign an app bundle living in iCloud (or DropBox), because of the weird things happening underneath. It had never bothered the code signing within DMG Canvas itself, but may have here, and this time I made sure of the file's location. I believe this hypothesis is more likely than somehow magically fixing something in my system wipe.

    Once again, because of the restore, I had to do "sudo xcode-select --switch (path to Xcode)" before it would work. And this time, I know that Xcode had been open and run previously.

  12. 2 months ago

    Gavin S

    Dec 10 Pre-Release Testers, Xojo Pro UK

    Hey Sam, the 3.9 beta has now expired. Just wondering if there was an update yet that I missed?

  13. Jerry F

    Dec 10 Pre-Release Testers, Xojo Pro Florissant MO USA

    I got the new beta from the Ohanaware site, which is good until January (1/5 or thereabouts)

  14. Sam R

    Dec 10 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @Gavin S Hey Sam, the 3.9 beta has now expired. Just wondering if there was an update yet that I missed?

    I am really sorry; I'm really busy with a whole bunch of things going on. Was hoping that one of them would have been finished at the end of November, but I am just about finishing up the optimizing on part of it.

    The newer beta is available form here.
    http://www.ohanaware.com/appwrapper/appWrapper3update39Beta.dmg

  15. @Jerry F The DMG was created on 10.14.1. My Apple Certificates are in order, per the Codesign Diagnostics in AppWrapper. What I believe to be the relevant part of the log is here:

    11/14/18 11:02:58 AM <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>notarization-info</key>
    <dict>
    <key>Date</key>
    <date>2018-11-14T17:01:19Z</date>
    <key>RequestUUID</key>
    <string>dfeecfa4-72eb-424a-8fdd-cb3c200a1239</string>
    <key>Status</key>
    <string>in progress</string>
    <key>Status Code</key>
    <integer>2</integer>
    <key>Status Message</key>
    <string>Package Invalid</string>
    </dict>
    <key>os-version</key>
    <string>10.14.1</string>
    <key>success-message</key>
    <string>No errors getting notarization info.</string>
    <key>tool-path</key>
    <string>/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/Frameworks/ITunesSoftwareService.framework</string>
    <key>tool-version</key>
    <string>1.1.1138</string>
    </dict>
    </plist>

    11/14/18 11:02:58 AM StatusChanged: Analysis still in progress
    11/14/18 11:03:56 AM StatusChanged: Checking with Apple for analysis results...
    11/14/18 11:03:57 AM <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>notarization-info</key>
    <dict>
    <key>Date</key>
    <date>2018-11-14T17:01:19Z</date>
    <key>LogFileURL</key>
    <string>https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma118/v4/12/25/e5/1225e51f-196f-6dc1-24fb-eaeebf5d2f10/developer_log.json?accessKey=1542409437_2519063862023711622_O1xL1uEG4N5uR6G3d05nbiobxKchXTtE0DtqVQni1vq0zamCv7Miprt0VErMg6KRpXXrOCk4CHG4xwZuAs1JFaYoBSnmhYwLmKqusnxKpqD8DlHxT10SNVzHIhDo%2FPHuLQLvTfl9mNlZwJcVpQ6y9wcmelQgD5PJ27wbOFtVzKc%3D</string>
    <key>RequestUUID</key>
    <string>dfeecfa4-72eb-424a-8fdd-cb3c200a1239</string>
    <key>Status</key>
    <string>invalid</string>
    <key>Status Code</key>
    <integer>2</integer>
    <key>Status Message</key>
    <string>Package Invalid</string>
    </dict>
    <key>os-version</key>
    <string>10.14.1</string>
    <key>success-message</key>
    <string>No errors getting notarization info.</string>
    <key>tool-path</key>
    <string>/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/Frameworks/ITunesSoftwareService.framework</string>
    <key>tool-version</key>
    <string>1.1.1138</string>
    </dict>
    </plist>

    11/14/18 11:03:57 AM Has a remote log, requesting that now
    11/14/18 11:03:57 AM StatusChanged: Package Invalid retrieving the remote log...
    11/14/18 11:03:58 AM Remote Log: {"logFormatVersion": 1, "jobId": "dfeecfa4-72eb-424a-8fdd-cb3c200a1239", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "Demo_FTProofsheet_Client.dmg", "uploadDate": "2018-11-14T17:01:19Z", "sha256": "39c38c87a8ed922f9359a404684c36535f3e14f5952a497dea06d05f00a32f2c", "ticketContents": null, "issues": [{"severity": "error", "code": null, "path": "Demo_FTProofsheet_Client.dmg", "message": "b'hdiutil: attach failed - no mountable file systems\\n'", "docUrl": null, "architecture": null}]}
    11/14/18 11:03:58 AM b'hdiutil: attach failed - no mountable file systems\n' in Demo_FTProofsheet_Client.dmg

    thank you for your help
    best regards

  16. Sam R

    Dec 11 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @Jerry F 11/14/18 11:03:58 AM Remote Log: {"logFormatVersion": 1, "jobId": "dfeecfa4-72eb-424a-8fdd-cb3c200a1239", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "Demo_FTProofsheet_Client.dmg", "uploadDate": "2018-11-14T17:01:19Z", "sha256": "39c38c87a8ed922f9359a404684c36535f3e14f5952a497dea06d05f00a32f2c", "ticketContents": null, "issues": [{"severity": "error", "code": null, "path": "Demo_FTProofsheet_Client.dmg", "message": "b'hdiutil: attach failed - no mountable file systems\\n'", "docUrl": null, "architecture": null}]}
    11/14/18 11:03:58 AM b'hdiutil: attach failed - no mountable file systems\n' in Demo_FTProofsheet_Client.dmg

    Okay, so I'm starting to see a few people with issue and I have also experienced it myself. At the moment, I can only conclude that something (I don't know what just yet) goes wrong when code signing the DMG. It's been hard to figure out as it doesn't happen all the time. Almost everytime it happens, simply doing it again creates a new DMG which works. I now have a bunch of these broken DMG files, so I'm going to see if there is a way I can get App Wrapper to detect a broken DMG.

  17. Jerry F

    Dec 12 Pre-Release Testers, Xojo Pro Florissant MO USA

    I have not had a failure for some time now. One mistake I made early-on was that when I edited my dmgCanvas template for a new workflow, I set it with the source (pre-wrapped) app bundle, not the one that appears in the "Wrapped Application" directory. Simply, the .dmg did not have the right file (which really didn't exist yet.) So I copied the bundle into the destination folder, edited the template appropriately, and that made a world of difference. Like I said, silly goof, but perhaps I'm not alone.

    I've previously noted that I use iCloud synching for my Desktop and Documents (Sam has politely made his opinion of that known to me :-) ), and I long ago learned to stay away from these directories when doing this, as (like Dropbox) they produce weirdness when code signing.

  18. Aurelian N

    Dec 12 Pre-Release Testers, Xojo Pro

    @Sam R Okay, so I'm starting to see a few people with issue and I have also experienced it myself. At the moment, I can only conclude that something (I don't know what just yet) goes wrong when code signing the DMG. It's been hard to figure out as it doesn't happen all the time. Almost everytime it happens, simply doing it again creates a new DMG which works. I now have a bunch of these broken DMG files, so I'm going to see if there is a way I can get App Wrapper to detect a broken DMG.

    Hello Sam ,

    Any idea where I can put this in the Wrapper app ?

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    	<key>com.apple.application-identifier</key>
    	<string>com.appname</string>
    	<key>com.apple.security.app-sandbox</key>
    	<false/>
    	<key>com.apple.security.smartcard</key>
    	<true/>
    </dict>
    </plist>

    It is an entitlement that has to be used in order to use a smart card reader.

    Thanks.

  19. Sascha S

    Dec 12 Pre-Release Testers, Xojo Pro Germany

    @Sam R At the moment, I can only conclude that something (I don't know what just yet) goes wrong when code signing the DMG.

    I had reported an issue related to this to the developer a few weeks ago and he replied: "I'm not yet sure why this happens, but it seems possibly an issue with the underlying system in macOS which does the disk image creation. For now, a restart will kick it back into working."

    Joking: (Please do not start to rant about Apple & macOS Issues again, Sam) :D

  20. Sam R

    Dec 13 Pre-Release Testers, Xojo Pro Hengchun, Pingtung, Taiwan

    @SaschaSchneppmueller Joking: (Please do not start to rant about Apple & macOS Issues again, Sam) :D

    I couldn't at the moment, even if I wanted too... I am so very tired (and not finished).

  21. Sascha S

    Dec 13 Pre-Release Testers, Xojo Pro Germany

    @Sam R I couldn't at the moment, even if I wanted too... I am so very tired (and not finished).

    Maybe extend the Beta expiration date to the end of january and concentrate on your important project. And if you can, stay away from Xojo entirely for the last 2 weeks of december, do it. Your health is more important than anything.

or Sign Up to reply!