Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Notarization hangs on notarytool submit for hours without output #179

Open
TheNextGuy32 opened this issue Feb 18, 2024 · 14 comments
Open

Notarization hangs on notarytool submit for hours without output #179

TheNextGuy32 opened this issue Feb 18, 2024 · 14 comments

Comments

@TheNextGuy32
Copy link

TheNextGuy32 commented Feb 18, 2024

Im using "@electron-forge/cli": "^7.2.0" which uses notarize under the hood. I provide credentials to notarize by passing them to my forge.config.js like this:

osxSign: {
      'identity': "Developer ID Application: MYCOMPANYNAME",
      'hardened-runtime': true,
      'gatekeeper-assess': false,
      'entitlements': 'entitlements.plist',
      'entitlements-inherit': 'entitlements.plist',
    },
osxNotarize: {
      tool: 'notarytool',
      appleId: process.env.APPLE_ID,
      appleIdPassword: process.env.APP_SPECIFIC_PASSWORD,
      teamId: process.env.APPLE_TEAM_ID,
    },

And I run electron-forge package.

Expected Behavior:

Notarization succeeds or fails within 15 minutes.

Actual Behavior:

The notarization step hangs on the notarytool submit step shown here:

electron-notarize:spawn spawning cmd: xcrun args: [
  'notarytool', 'submit', '/var/folders/4g/p6tq8s_j4tqf78675mcggp8m0000gn/T/electron-notarize-F7fJr2/MYAPPNAME.zip',
  '--apple-id', '*********',
  '--password', '*********',
  '--team-id', '*********',
  '--wait',
  '--output-format', 'json'
] opts: {} +0ms

Notes:

Running this command by hand hangs, but if I remove --wait it succeeds in a couple minutes. My understanding of this wait flag is that its waiting on something else, but I dont understand what.

Removing the notarization steps prevents the hanging.

The zip is 0.3gb. I've checked that these vars are in my env. This issue has persisted all weekend.

What may be causing it to hang?

@jt-l
Copy link

jt-l commented Feb 25, 2024

I have the same issue.

Similar configuration as you, but using w/ electron-builder + a afterSign script to call notarize.

It seems like wait flag does the following:

"Use the wait flag to tell notarytool to exit only after the Notary service finishes processing the submission. This eliminates the need to poll the service for status. Use the webhook flag if you want to specify a URL for the service to access after processing the submission."

When you remove the wait flag is it successfully notarizing?

@himself65
Copy link

I think the it's apple's issue

https://forums.developer.apple.com/forums/thread/736977

@michaelburris
Copy link

Did anyone succeed in getting this to work?

@himself65
Copy link

I waited for 2 days and succeeded

@michaelburris
Copy link

What if I want to do this as a part of the release cycle using GitHub Actions. An action running for two days is crazy talk.

@himself65
Copy link

What if I want to do this as a part of the release cycle using GitHub Actions. An action running for two days is crazy talk.

Do not wait until it runs successfully

@jt-l
Copy link

jt-l commented Mar 8, 2024

In my case it started to randomly to work.

A few things to note about my case, which might have been a factor:

  1. It was a new developer account.
  2. First time notarization.
  3. Attempting to notarize on the weekend.
  4. Notarization suddenly started working Monday morning.

Possibly Apple has a human in the loop for new developer accounts that are doing first time notarization?

I'd say if you are still having issues within a few days of attempting first notarization, try reaching out to Apple.

When notarization succeeds in my exp it has been within 15 mins.

@michaelburris
Copy link

Is there a way to remove the --wait from the forge config?

@albireox
Copy link

albireox commented Apr 18, 2024

I've been seeing the same issue but only inside a GitHub action. I have a projects that builds with electron-forge, which calls electron-notarize under the hood. If I run yarn package in my computer it builds, signs, and notarizes the app correctly. The notarization wait time varies, but usually it doesn't take more than 5 minutes.

But if I run the same command inside a GitHub workflow, it either succeeds or hangs pretty randomly. When it succeeds it takes about 15 minutes, which is significantly more than in my computer, but ok. But often it just gets stuck in the notarization step. In these cases the runner times out before I can see if the notarization would ever succeed.

Edit: In the end this was not a notarization issue, but a code-sign one. If anybody is interested here's the solution I found.

@p3x-robot
Copy link

anybody could fix this? i am stuck in that output

@p3x-robot
Copy link

i think on weekend or holiday it is stops working.

@erickzhao
Copy link
Member

I feel like #149 would be an answer to long hanging times on Apple's side, but a proper solution hasn't been sketched out yet.

I'm okay with keeping this issue open for community troubleshooting, though.

@gorillamoe
Copy link

gorillamoe commented Dec 1, 2024

Both wait and webhook is supported on the current fork https://github.com/mistweaverco/electron-notarize-async

It's even published to npm, so you can start using it right away.

It's a drop in replacement, so should really work out of the box.

It does not wait by default, so hence the name async.

Downside to this being async is, that you won't staple the ticket in, but I don't mind for the moment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

8 participants