DiscordSign up
SKILLS.SH

asc-notarization

Archive, export, and notarize macOS apps using xcodebuild and asc. Use when you need to prepare a macOS app for distribution outside the App Store with…

INSTALLATION
npx skills add https://github.com/rudrankriyam/app-store-connect-cli-skills --skill asc-notarization
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

$27

Fix Broken Trust Settings

If codesign or xcodebuild fails with "Invalid trust settings" or "errSecInternalComponent", the certificate may have custom trust overrides that break the chain:

# Check for custom trust settings

security dump-trust-settings 2>&1 | grep -A1 "Developer ID"

# If overrides exist, export the cert and remove them

security find-certificate -c "Developer ID Application" -p ~/Library/Keychains/login.keychain-db > /tmp/devid-cert.pem

security remove-trusted-cert /tmp/devid-cert.pem

Verify Certificate Chain

After fixing trust settings, verify the chain is intact:

codesign --deep --force --options runtime --sign "Developer ID Application: YOUR NAME (TEAM_ID)" /path/to/any.app 2>&1

The signing must show the chain: Developer ID Application → Developer ID Certification Authority → Apple Root CA.

Step 1: Archive

xcodebuild archive \

  -scheme "YourMacScheme" \

  -configuration Release \

  -archivePath /tmp/YourApp.xcarchive \

  -destination "generic/platform=macOS"

Step 2: Export with Developer ID

Create an ExportOptions plist for Developer ID distribution:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

    <key>method</key>

    <string>developer-id</string>

    <key>signingStyle</key>

    <string>automatic</string>

    <key>teamID</key>

    <string>YOUR_TEAM_ID</string>

</dict>

</plist>

Export the archive:

xcodebuild -exportArchive \

  -archivePath /tmp/YourApp.xcarchive \

  -exportPath /tmp/YourAppExport \

  -exportOptionsPlist ExportOptions.plist

This produces a .app bundle signed with Developer ID Application and a secure timestamp.

Verify the Export

codesign -dvvv "/tmp/YourAppExport/YourApp.app" 2>&#x26;1 | grep -E "Authority|Timestamp"

Confirm:

  • Authority chain starts with "Developer ID Application"
  • A Timestamp is present

Step 3: Create a ZIP for Notarization

ditto -c -k --keepParent "/tmp/YourAppExport/YourApp.app" "/tmp/YourAppExport/YourApp.zip"

Step 4: Submit for Notarization

Fire-and-forget

asc notarization submit --file "/tmp/YourAppExport/YourApp.zip"

Wait for result

asc notarization submit --file "/tmp/YourAppExport/YourApp.zip" --wait

Custom polling

asc notarization submit --file "/tmp/YourAppExport/YourApp.zip" --wait --poll-interval 30s --timeout 1h

Step 5: Check Results

Status

asc notarization status --id "SUBMISSION_ID" --output table

Developer Log (for failures)

asc notarization log --id "SUBMISSION_ID"

Fetch the log URL to see detailed issues:

curl -sL "LOG_URL" | python3 -m json.tool

List Previous Submissions

asc notarization list --output table

asc notarization list --limit 5 --output table

Step 6: Staple (Optional)

After notarization succeeds, staple the ticket so the app works offline:

xcrun stapler staple "/tmp/YourAppExport/YourApp.app"

For DMG or PKG distribution, staple after creating the container:

# Create DMG

hdiutil create -volname "YourApp" -srcfolder "/tmp/YourAppExport/YourApp.app" -ov -format UDZO "/tmp/YourApp.dmg"

xcrun stapler staple "/tmp/YourApp.dmg"

Supported File Formats

Format

Use Case

.zip

Simplest; zip a signed .app bundle

.dmg

Disk image for drag-and-drop install

.pkg

Installer package (requires Developer ID Installer certificate)

PKG Notarization

To notarize .pkg files, you need a Developer ID Installer certificate (separate from Developer ID Application). This certificate type is not available through the App Store Connect API — create it at https://developer.apple.com/account/resources/certificates/add.

Sign the package:

productsign --sign "Developer ID Installer: YOUR NAME (TEAM_ID)" unsigned.pkg signed.pkg

Then submit:

asc notarization submit --file signed.pkg --wait

Troubleshooting

"Invalid trust settings" during export

The Developer ID certificate has custom trust overrides. See the Preflight section above to remove them.

"The binary is not signed with a valid Developer ID certificate"

The app was signed with a Development or App Store certificate. Re-export with method: developer-id in ExportOptions.plist.

"The signature does not include a secure timestamp"

Add --timestamp to manual codesign calls, or use xcodebuild -exportArchive which adds timestamps automatically.

Upload timeout for large files

Set a longer upload timeout:

ASC_UPLOAD_TIMEOUT=5m asc notarization submit --file ./LargeApp.zip --wait

Notarization returns "Invalid" but signing looks correct

Fetch the developer log for specific issues:

asc notarization log --id "SUBMISSION_ID"

Common causes: unsigned nested binaries, missing hardened runtime, embedded libraries without timestamps.

Notes

  • The asc notarization commands use the Apple Notary API v2, not xcrun notarytool.
  • Authentication uses the same API key as other asc commands.
  • Files are uploaded directly to Apple's S3 bucket with streaming (no full-file buffering).
  • Files over 5 GB use multipart upload automatically.
  • Always use --help to verify flags: asc notarization submit --help.
BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card