Notarization hangs on `notarytool submit` for hours without output

Question

Notarization hangs on `notarytool submit` for hours without output

TheNextGuy32 opened this issue 10 months ago · 14 comments

Im using "@electron-forge/cli": "^7.2.0" which uses notarize under the hood. I provide credentials to notarize by passing them to my forge.config.js like this:

osxSign: {
      'identity': "Developer ID Application: MYCOMPANYNAME",
      'hardened-runtime': true,
      'gatekeeper-assess': false,
      'entitlements': 'entitlements.plist',
      'entitlements-inherit': 'entitlements.plist',
    },
osxNotarize: {
      tool: 'notarytool',
      appleId: process.env.APPLE_ID,
      appleIdPassword: process.env.APP_SPECIFIC_PASSWORD,
      teamId: process.env.APPLE_TEAM_ID,
    },

And I run electron-forge package.

Expected Behavior:

Notarization succeeds or fails within 15 minutes.

Actual Behavior:

The notarization step hangs on the notarytool submit step shown here:

electron-notarize:spawn spawning cmd: xcrun args: [
  'notarytool', 'submit', '/var/folders/4g/p6tq8s_j4tqf78675mcggp8m0000gn/T/electron-notarize-F7fJr2/MYAPPNAME.zip',
  '--apple-id', '*********',
  '--password', '*********',
  '--team-id', '*********',
  '--wait',
  '--output-format', 'json'
] opts: {} +0ms

Notes:

Running this command by hand hangs, but if I remove --wait it succeeds in a couple minutes. My understanding of this wait flag is that its waiting on something else, but I dont understand what.

Removing the notarization steps prevents the hanging.

The zip is 0.3gb. I've checked that these vars are in my env. This issue has persisted all weekend.

What may be causing it to hang?

Answer 1 · 2024-02-25T07:23:31.000Z

I have the same issue.

Similar configuration as you, but using w/ electron-builder + a afterSign script to call notarize.

It seems like wait flag does the following:

"Use the wait flag to tell notarytool to exit only after the Notary service finishes processing the submission. This eliminates the need to poll the service for status. Use the webhook flag if you want to specify a URL for the service to access after processing the submission."

When you remove the wait flag is it successfully notarizing?

Answer 2 · 2024-02-25T23:18:37.000Z

I think the it's apple's issue

https://forums.developer.apple.com/forums/thread/736977

Answer 3 · 2024-03-07T14:56:58.000Z

Did anyone succeed in getting this to work?

Answer 4 · 2024-03-07T15:05:17.000Z

I waited for 2 days and succeeded

Answer 5 · 2024-03-07T15:33:00.000Z

What if I want to do this as a part of the release cycle using GitHub Actions. An action running for two days is crazy talk.

Answer 6 · 2024-03-07T16:13:09.000Z

What if I want to do this as a part of the release cycle using GitHub Actions. An action running for two days is crazy talk.

Do not wait until it runs successfully

Answer 7 · 2024-03-08T07:41:27.000Z

In my case it started to randomly to work.

A few things to note about my case, which might have been a factor:

It was a new developer account.
First time notarization.
Attempting to notarize on the weekend.
Notarization suddenly started working Monday morning.

Possibly Apple has a human in the loop for new developer accounts that are doing first time notarization?

I'd say if you are still having issues within a few days of attempting first notarization, try reaching out to Apple.

When notarization succeeds in my exp it has been within 15 mins.

Answer 8 · 2024-03-08T14:22:47.000Z

Is there a way to remove the --wait from the forge config?

Answer 9 · 2024-04-18T07:07:28.000Z

I've been seeing the same issue but only inside a GitHub action. I have a projects that builds with electron-forge, which calls electron-notarize under the hood. If I run yarn package in my computer it builds, signs, and notarizes the app correctly. The notarization wait time varies, but usually it doesn't take more than 5 minutes.

But if I run the same command inside a GitHub workflow, it either succeeds or hangs pretty randomly. When it succeeds it takes about 15 minutes, which is significantly more than in my computer, but ok. But often it just gets stuck in the notarization step. In these cases the runner times out before I can see if the notarization would ever succeed.

Edit: In the end this was not a notarization issue, but a code-sign one. If anybody is interested here's the solution I found.

Answer 10 · 2024-05-20T11:57:34.000Z

https://github.com/patrikx3/redis-ui/actions/runs/9157978771/job/25175405026#step:6:1195

Answer 11 · 2024-05-20T11:57:51.000Z

anybody could fix this? i am stuck in that output

Answer 12 · 2024-05-20T17:33:36.000Z

i think on weekend or holiday it is stops working.

Answer 13 · 2024-06-06T22:31:45.000Z

I feel like #149 would be an answer to long hanging times on Apple's side, but a proper solution hasn't been sketched out yet.

I'm okay with keeping this issue open for community troubleshooting, though.

Answer 14 · 2024-12-01T07:57:47.000Z

Both wait and webhook is supported on the current fork https://github.com/mistweaverco/electron-notarize-async

It's even published to npm, so you can start using it right away.

It's a drop in replacement, so should really work out of the box.

It does not wait by default, so hence the name async.

Downside to this being async is, that you won't staple the ticket in, but I don't mind for the moment.