Unhelpful error when app-specific password is not used
wasauce opened this issue · 7 comments
Hello!
Thank you for building such a useful tool.
In June, we were using xcnotary 0.4.1 and we were creating DMGs easily and having them notarized. Then, we stopped building DMGs for a while (big new feature) -- so it wasn't until today that I tried to build a new dmg.
This is the command we are running (I pulled out our personal information):
xcnotary notarize nameofdmg.dmg -d ouremailaddress@domain.com -k AC_PASSWORD --provider OURPROVIDERINFO
This is the error I get:
Processing...
✔ Perform check: Developer ID signing
⠚ Uploading to notarization service
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error { inner: ErrorImpl { kind: Serde("missing field `notarization-upload`"), file_position: None } }', src/util/plist/mod.rs:11:5
I am running this locally on my laptop which is running 10.15.3 (19D76)
I then decided to upgrade to xcnotary 0.4.2 via a brew upgrade akeru-inc/tap/xcnotary
Same error as above.
Can you help me think through what I am doing wrong or let me know if this is a bug?
Thank you again!
Thanks for the report! While I haven't seen this before, it appears that the underlying Xcode tool is returning an unexpected response, and I should probably add some logging for this situation.
Could you please try running the tool directly and let me know what you get in response? (With personal information scrubbed.)
xcrun altool --notarize-app --file nameofdmg.dmg --primary-bundle-id foo.com -u ouremailaddress@domain.com -p AC_PASSWORD --provider OURPROVIDERINFO --output-format xml
Thanks for the reply!
My scrubbed command:
xcrun altool --notarize-app --file nameofdmg.dmg --primary-bundle-id foo.com --username ouremailaddress@domain.com --password AC_PASSWORD --provider OURPROVIDERINFO --output-format xml
Here is the output
2020-07-10 15:48:58.065 altool[81246:6172287] *** Error: /Applications/Xcode.app/Contents/Developer/usr/bin/altool: option '-' is unknown: ignored
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>os-version</key>
<string>10.15.3</string>
<key>product-errors</key>
<array>
<dict>
<key>code</key>
<integer>-22016</integer>
<key>message</key>
<string>We are unable to create an authentication session.</string>
<key>userInfo</key>
<dict>
<key>NSLocalizedDescription</key>
<string>We are unable to create an authentication session.</string>
<key>NSLocalizedFailureReason</key>
<string>Unable to validate your application.</string>
</dict>
</dict>
</array>
<key>tool-path</key>
<string>/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework</string>
<key>tool-version</key>
<string>4.00.1181</string>
</dict>
</plist>
FYI - xcrun version 48.
3 ideas:
1/ It might be this: https://medium.com/@EeKayOnline/how-to-fix-the-we-are-unable-to-create-an-authentication-session-error-in-visual-studio-57602b06948d
2/ Maybe I need to update to the latest version of the developer tools. (I just did -- no difference)
3/ My other thought is maybe the account (user) that I am using needs to accept some terms in Apple's developer center (I need to check on this)
Thanks! From some Googling it seems to be most likely (1), that is creating/recreating an app-specific password.
Also per [Apple docs]:(https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow#3087734)
Because App Store Connect now requires two-factor authentication (2FA) on all accounts, you must create an app-specific password for altool, as described in Using app-specific passwords.
(3) Would generate a different error (a more helpful error message.)
Would you let me know if the suggested fix works out? On my end, I'm going to try to catch this to show a more helpful error message.
I will follow-up once I try creating an app-specific password. Unfortunately I probably won't have an update until Sunday evening US or Monday.
Thank you again!
Apologies for the slow reply.
The problems were on my end.
I needed to use an app-specific password
AND
I had some unsigned agreements! (For some reason even though we don't have a paid app -- I had to sign that agreement and there was no alert when I logged in! Doh! I should have checked this since it was post WWDC).
Thank you again for the great tool!
Thanks for the update, that's great and glad it worked out.
Going to improve the error message in case anybody else hits this.
Error reporting has been improved in release v0.4.7