I am trying to get a PKG installer through the Apple codesign and notarytool process. When I submit the PKG installer I get a status message of "Invalid" and when I review the log file it has 2 errors. For "status summary" it says: "Archive contains critical validation errors", and for "message" it says: "The binary is not signed".
The installer contains a flat file that is installed in the "Users/Shared" folder via the PKG installer.
Here are the steps I've taken to get the installer through the codesign and notarytool process.
codesign the file that's placed in the "Users/Shared" folder:
codesign --options=runtime --sign 'Developer ID Application: XYZ' -v /Users/.../Documents/folder/"flat file"
which I get a message saying "signed generic".
Create the PKG installer with the signed "flat file".
Sign the PKG installer containing the signed "flat file":
codesign --options=runtime --sign 'Developer ID Application: XYZ' -v /Users/.../Documents/folder/"flat file"
which I get a message saying "signed generic".
Submit the PKG file with notarytool:
xcrun notarytool submit /Users/.../Documents/folder/"flat file" --verbose --apple-id username --password password --team-id ID# --progress
It completes and provides the submission ID.
I check the status and get the error message that it's invalid.
When I check the full details via the log I get the error messages mentioned above.
What am I missing or failing to do?
I have a file that is a program "add-on" that's a single flat-file that's placed in the "Users/Shared" folder.
Historically, I've been able to code-sign this file with the "Developer ID Application" certificate, then nest it in a DMG file, code-sign the DMG file with the "Developer ID Application" certificate, and then submit for notarization. The issue with this was that users had to undergo manual steps to ensure the file was placed in the correct location.
I then found "Packages" (http://s.sudre.free.fr/Packaging.html) which provides a UI for creating PKG files. I added the "Developer ID Installer" to the Packages preferences for signing the PKG file during the build process. No matter the approach, the file never gets correctly signed and fails notarization.
I have tried not signing during Packages build, and then performing the certification with Terminal.
"codesign --options=runtime --sign 'Developer ID Installer: XYZ123' -v /path/to/pkg-file"
When I do that I get the error:
"Developer ID Installer: XYZ123: this identity cannot be used for signing code"
From looking at other posts I've tried: security find-identity which returns both of the correct Certificates for Application and Installer. So it is a valid certificate, but it doesn't seem to work. I've also checked on the Apple Developer website to confirm that the certificates are valid and haven't expired.
I've contacted the Packages application support over the last 3-4 days but we still can't seem to figure out what is causing it to fail.
Any help would be really appreciated.
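
Added example, not part of the original posts: a small parser for the JSON log that `xcrun notarytool log <submission-id>` returns, showing which item inside the submitted archive each "The binary is not signed" error refers to. The sample log is constructed, and its field names and path layout are assumptions based on the usual shape of that log, not output from the poster's submission.

```python
import json
from collections import defaultdict

# Constructed sample, not a real submission log. Field names (status,
# statusSummary, archiveFilename, issues[].severity/path/message) and the
# path layout are assumptions about the notarytool log format.
SAMPLE_LOG = """
{
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "archiveFilename": "AddOn.pkg",
  "issues": [
    {"severity": "error",
     "path": "AddOn.pkg/AddOn.pkg Contents/Payload/Users/Shared/addon-file",
     "message": "The binary is not signed.",
     "architecture": "x86_64"},
    {"severity": "error",
     "path": "AddOn.pkg/AddOn.pkg Contents/Payload/Users/Shared/addon-file",
     "message": "The binary is not signed.",
     "architecture": "arm64"}
  ]
}
"""

def failing_paths(log_text):
    """Return (status, {path inside archive: sorted unique error messages})."""
    log = json.loads(log_text)
    archive = log.get("archiveFilename") or ""
    grouped = defaultdict(set)
    # "issues" may be null or absent when a submission is accepted.
    for issue in log.get("issues") or []:
        if issue.get("severity") != "error":
            continue
        path = issue.get("path") or archive
        # Drop the leading archive name so the nested location is visible.
        if archive and path.startswith(archive + "/"):
            path = path[len(archive) + 1:]
        # The same finding is repeated per architecture; keep one copy.
        grouped[path].add((issue.get("message") or "").rstrip("."))
    return log.get("status"), {p: sorted(m) for p, m in grouped.items()}

if __name__ == "__main__":
    status, paths = failing_paths(SAMPLE_LOG)
    print("status:", status)
    for path, messages in paths.items():
        print(f"  {path}: {'; '.join(messages)}")
```
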