This is odd. Have you tried creating a dummy Swift project (choose one of Xcode's starter template projects that uses Swift) then code-sign and notarize it using the same pipeline that you use for your normal app? This is to eliminate the issues coming from your developer account or your system. A sample project should get notarized just fine and run without gatekeeper issues.Furthermore I see that you're using a .zip file as your end product. As these can't be stapled (i.e. have embedded notarization results), is it possible to switch to either .dmg or .pkg distribution instead? Then staple the notarization results before you validate it using spctl.It is also possible that the notarization result was not yet available to Gatekeeper when you run spctl. That is, notarization talks to server A whereas Gatekeeper talks to server B. In turn A haven't told B of your just-notarized package. If you staple the notarization results into your redistributable product, Gatekeeper won'
Topic:
Code Signing
SubTopic:
General
Tags: