User profile for user: ravindra132
ravindra132 Author
User level: Level 1
8 points

Unable to notarise the .pkg file due to The signature of the binary is invalid and The binary is not signed.

Hi,

I'm creating a notarized .pkg.

I followed few steps to notarization the .pkg file


I use the Packages to generate the .pkg file.



In the Payload tab I added **Python.framework** to **Library** Folder and some files to **/usr/local/** because my application is dependent on the Python framework. So I'm trying to put the Python framework into the end-user system. So I'm directly adding it to the Library folder.



Now unsigned .pkg file is generated. So with help of the following command, I create a signed .pkg


    productsign -sign “Developer ID Installer: Your Apple Account Name (**********)” ~/Desktop/example.pkg ~/Desktop/signed-example.pkg


After that, I notarized my signed .pkg with the following command


xcrun altool --notarize-app --primary-bundle-id "com.xxxxxx.yyyyy” --username “yourmail@xxx.com” --password “app-spefic-password” --file ./singed.pkg



when I uploaded my signed .pkg for notarization successfully.

when I check to notarize status with the following command


xcrun altool --notarization-info “request-id(will get after above command successfully)” --username “yourmail@xxx.com” --password “app-specific-password”


The package got the invalid status

When I saw the log file then there are many errors regarding added framework and file.



{
  "severity": "error",
  "code": null,
  "path": "Signed.pkg/Signed.pkg Contents/Payload/usr/local/Frameworks/Python.framework/Versions/3.8/Python",
  "message": "The signature of the binary is invalid.",
  "docUrl": null,
  "architecture": "x86_64"
}


Please guild me that I'm doing something wrong or do I have to follow another approach.

Please help me to add to Python.framework to the end-users Library Folder.




Posted on Jul 29, 2021 1:04 AM

Reply
Question marked as Top-ranking reply
User profile for user: etresoft
etresoft
User level: Level 9
56,572 points

Posted on Jul 29, 2021 5:48 AM

I don’t know if this is a problem with Packages or with your particular package. But your structure is completely wrong and is never going to work. You are trying to put the Frameworks directory inside /usr/local/. It doesn’t go there and won’t work. You screen shot has it in /Library, which is more appropriate. To be honest, it might be a problem there too because of conflicts. The best place is inside your app bundle.


But none of that has anything to do with the problem you are asking about. All of your executable binaries, apps, tools, dylibs, need to be signed before they go into the package. Then you sign and notarize the package itself.

View in context

Similar questions

1 reply
Question marked as Top-ranking reply
User profile for user: etresoft
etresoft
User level: Level 9
56,572 points

Jul 29, 2021 5:48 AM in response to ravindra132

I don’t know if this is a problem with Packages or with your particular package. But your structure is completely wrong and is never going to work. You are trying to put the Frameworks directory inside /usr/local/. It doesn’t go there and won’t work. You screen shot has it in /Library, which is more appropriate. To be honest, it might be a problem there too because of conflicts. The best place is inside your app bundle.


But none of that has anything to do with the problem you are asking about. All of your executable binaries, apps, tools, dylibs, need to be signed before they go into the package. Then you sign and notarize the package itself.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Unable to notarise the .pkg file due to The signature of the binary is invalid and The binary is not signed.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up