We have a macOS application packaged as a .pkg file. To notarize it, we first code-sign individual library folders and the .app bundle using the following command: codesign --force --deep --sign "Developer ID Application: <Our Account Name>, LLC (Team ID)" "Our_product.app" Code Sign result for .app file: Our_prodcut.app: valid on disk Our_product.app: satisfies its Designated Requirement We are using packages tool to create .pkg file with code signed .app file. Steps followed once .pkg file is ready: 1. Product Sign: productsign -sign "Developer ID Installer: <Our Account Name>" output.pkg signed-output.pkg 2. Submit for notorization: `xcrun notarytool submit signed-outout.pkg --keychain-profile "notarytool-password" --wait Received following output: Current status: Accepted................................. Processing complete id: 2d5c450f-5b22-4b4d-9579-ef21c0356548 status: Accepted Transferred Notarization log: xcrun notarytool log 10169892-b28c-407c-b348-edab0b34ef34 --keychain-profile "notarytool-password" Desktop/developer_log_6.json We have observed log with "Accepted" status with issues as "null". 3. Stapler: stapler staple signed-output.pkg stapler validate signed-output.pkg Processing: signed-output.pkg The validate action worked! 4. Checking status of .pkg file: Command: spctl --assess --verbose=4 signed-output.pkg Output: signed-output.pkg: rejected source=no usable signaturess Warning During Installation: While installing the .pkg file, a security warning appears as follows. Please help us to resolve this.

I have two macOS applications: Application A, named My App.app with the bundle ID com.comp.myapp, and Application B, named My App.app with the bundle ID com.comp.myapp2. Both applications have the same name. Application A is installed at /Applications/My App.app. When I run the installer for Application B, it gets installed in a folder at /Applications/My App.localized/My App.app. Even if I remove Application A using the preinstall script of Application B's installer, the result remains the same. Does the installer determine the installation path with the new folder before the preinstall script executes? How can it be addressed so the new folder will not be created? Notes: We have a composite package that contains multiple components. Instead of just running pkgbuild, we use our own components.plist rather than a synthesized one. The components.plist is attached. The PackageInfo for Application B is also attached. components.plist PackageInfo packageInfo.xml components.plist

Is it possible to determine the location of the pkg file being ran from inside of an InstallerJS block? If so what would the function invocation be?