User Profile

Hello. We have an app bundle that we package into a .pkg file. We are currently getting an error when notarizing the .pkg artifact. But running all the suggested tool vs the built bundle/package results in validating the bundle/package. We don't know what notarization service is rejecting the pkg. The notarization failure: Notarization Invalid { "logFormatVersion": 1, "jobId": "b26ec329-409e-4a21-88f0-6f924795a6db", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "MY-APP.pkg", "uploadDate": "2021-07-19T17:39:59Z", "sha256": "019c0409eab63e68cfe6323sd2e33715f07c731d5b4192254277ed62db1b6e97d", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "MY-APP.pkg", "message": "The binary is not signed.", "docUrl": null, "architecture": null } ] } Here is the output of codesign -v -vvv --deep --strict MY-APP.app: ... MY-APP.app: valid on disk MY-APP.app: satisfies its Designated Requirement Output of pkgutil --check-signature MY-APP.pkg : Package "MY-APP.pkg": Status: signed by a developer certificate issued by Apple for distribution Signed with a trusted timestamp on: 2021-07-20 08:59:11 +0000 Certificate Chain: 1. Developer ID Installer: MY COMPANY (XXXXXXXXXX) Expires: 2024-06-26 09:35:51 +0000 SHA256 Fingerprint: 3D ... ------------------------------------------------------------------------ 2. Developer ID Certification Authority Expires: 2027-02-01 22:12:15 +0000 SHA256 Fingerprint: 7A ... ------------------------------------------------------------------------ 3. Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 .. And the output of spctl -vvv --assess --raw --verbose=10 --type exec MY-APP.app: build/MY-APP.app: accepted origin=Developer ID Application: MY COMPANY (XXXXXXXXXX) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>assessment:authority</key> <dict> <key>assessment:authority:flags</key> <integer>2</integer> <key>assessment:authority:row</key> <integer>6</integer> <key>assessment:authority:source</key> <string>Developer ID</string> </dict> <key>assessment:originator</key> <string>Developer ID Application: MY COMPANY (XXXXXXXXXX)</string> <key>assessment:remote</key> <true/> <key>assessment:verdict</key> <true/> </dict> </plist> We are blocked at the moment and can't figure out why the notarization service is rejecting the .pkg file due to "binary not signed" error. any suggestions on how to solve this or analyse the root cause of the failure?