It would be great to be able to change the notarization config without having to reenter all the information and creating a new config. Maybe I’m just too blind to see the option, but it seems to be the only way?
Yeah, the Notarization code is heavily based on how we already handled Android and iOS credentials but the Notarization credentials are much more involved. It would definitely make sense to add in the ability to edit them but we probably don’t have the time necessary to implement such a thing right now. I’ll make a note to keep this in mind for future revisions.
That’s good to hear. I hate the whole Notarization process from Apple, so I was really hoping this could take some of the load off for me. Currently still struggling to get a result that does not fail and I am currently on my 5th notarization setting. So there will need to be a way to delete the failed ones at least… If possibly it would be great to get some better failure information too. Looking at the log it’s not really helping.
You should be able to delete the old credentials from the credentials page available at the root level of the developer dashboard (i.e. when no project is selected).
Unfortunately, failure information is usually not directly controlled by us. For most of the log lines we just print what we’re given unless there’s an obvious substitution we can make to improve clarity.
Sorry to continue this, but I have some log information that really disturbs me (6th try):
Signing credentials: AppStoreV6 (iPhone Distribution:
I’m using a p12 file containing: 3rd Party Mac Developer Installer and 3rd Party Mac Developer Application
Where do these signing credentials come from? It feels like a bug to me (I do have iPhone Distribution information in another Build-Config)
That line comes from your p12 file, we decrypt that and store/validate some info. That line is the cert name, designated as “CN = {name}” in the file. It’s possible to have a valid Notarization profile that mentions iPhone distribution (mostly because you can rename certificates) but it does sound suspicious, you should make sure that you’re uploading the correct p12 file. The cert is not necessarily incorrect but does seem likely to be wrong.
The code for OSX credentials and iOS credentials is pretty well isolated and well tested, I don’t think it’s likely that the Build API is somehow mixing in iPhone credentials. If you try again with a p12 that you are certain is a Mac Developer ID certificate then we can look into it though - especially if the issue is resolved when you first try deleting your iOS credentials (if practical).
hmmm it’s not a mac developer id certificate. I added both 3rd Party Mac Developer Installer and 3rd Party Mac Developer Application as I want to be able to submit it to the app store. Before writing my last message I had rebuilt the p12 again just in case I had messed up. I’ve done that again and will wait for the results. I have not deleted the ios config yet, but I guess I can do that. What would really help me is to know what scripts you are running so I could recreate it myself.
We’re running codesign --deep --force --verify --verbose --timestamp --options runtime --entitlements #{entitlements_file} --sign #{"\""+credential_info['certificate']['certName']+"\""} #{"\""+app_path+"\""})
then the Fastlane Notarize command, after installing the credentials on the build agent. Each build is run independently so there are no credentials installed other than the one you provided.
Thanks Victor. I’ve tried with Developer ID and get a different error, so I guess something is wrong with my certificates. I will try to build using the code you provided and hope I can find the issue.
Is Unity Cloud Build expecting an application specific password or the actual login for the user? I’ve managed to submit an app for notarization myself using app-specific-password but am still failing to do so with unity cloud build.
I used xcrun to submit the app for notarization instead of fastlane. According to fastlane docs a flag is required to use the app specific password, so that could be one of the culprits for the build/notarization failing??
“Provide the application specific password using the environment variable FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD”
I was not able to submit my app for notarization using the normal login with xcrun, so maybe having an app specific password forces me to actually use it. But if the FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD variable is not set, I guess my builds will always fail? This is just a wild guess, but I am at the end of my wit.
That variable is only used for the pilot or deliver actions (which we are not using). Most of the tests we did for the notarization workflow were performed with an app-specific password.
It’s driving me a bit crazy to be honest. As stated I have managed to upload a build for notarization via cli, so it can’t be all wrong. Is there a way we can test this and shorten the process for you and me? I can give you both username and app specific password, then at least the app can be sent in for notarization. The logs currently suggest that the login is the issue, but I have tried this I don’t know how many times. Maybe something goes wrong when copying in the password, but I can’t tell as I can’t see what was typed. Grasping at straws. Could be the provider name but that was also accepted by cli (I got it via xcrun altool --list-providers)
! build of 'sfaeremac' failed. ! notarization failed. Ensure that you have supplied a valid Apple username and password, and that you have supplied a provider name if your Apple ID is associated with multiple providers.
Probably the best approach now would be to submit a support ticket and we can investigate directly.
Done. Thanks victorw
I’m also getting this error in UCB and I’m struggling to figure out where the mistake lies. I’m sure my provider, .p12 file, and app-specific password are all correct, but it’s still failing with this error.
So we’ve set up notarization for one of our builds but it looks like nothing happened: the build finished without errors but the app is not notarized and there is nothing in the logs about notarization. Are we doing something wrong?
Hey - did you ever solve this one - we are facing the exact same issue. thanks
We eventually got it working, here are some of the mistakes that we made:
- We used the standard password for Apple account instead of an “application specific password” ← google this term.
- The provider name is supposed to be optional according to the tooltip but we had to fill it in even though we only have one project and one provider. You have to enter your team ID as the provider name.
I am getting crazy atm :'). I keep getting this error:
! build of 'master-mac-desktop-universal' failed. ! notarization failed. Ensure that you have supplied a valid Apple username and password, and that you have supplied a provider name if your Apple ID is associated with multiple providers.
I hope someone can help me out:
- I created an OSX development profile and downloaded the P12 file.
- I created an app specific password
- As Provider Short Name I used the Team ID, as mentioned before
- As Apple ID Username, I use the email address of the Apple account. I also tried using the name of the app specific password.
- As Password I use the app specific password.
Is this all correct? Am I overseeing anything?
I am getting the same error, @AdminXRBASE . Did you fix your build?