Hi
I have a vst plugin installer package (build with Whitebox Packages v 1.2.6) to be notarized. I get "Notarization is successful" mail from Apple. And also I don't get any error message from any of the process. But when it comes Notarization check - It's been Rejected!
I am following this procedure, am I missing something?
Sign the vst plugins with codesign
Build the .pkg with Whitebox Packages. (I don't use build-in digital signing tool, I use "productsign" in command line)
Signing the .pkg
productsign --sign "Developer ID Installer: XXXXXXX" "/Volumes/Data/Installer v1.1.0.pkg" "/Volumes/Data/Signed/Installer v1.1.0.pkg"Notarization
xcrun altool --notarize-app -f "/Volumes/Data/Signed/Installer v1.1.0.pkg" --primary-bundle-id com.xxxxinstaller.pkg --username "xxxx" --password "xxxx"After a couple of minutes, I get "Notarization is successful" mail from Apple
Time Staple - The staple and validate action worked!
xcrun stapler staple "/Volumes/Data/Signed/Installer v1.1.0.pkg"Till now I don't get any error message from any of these process
Now it's time for checking - Code Sign Check - it is successful - Status: signed by a certificate trusted by Mac OS X
pkgutil --check-signature "/Volumes/Data/Signed/Installer v1.1.0.pkg"But when it comes Notarization check - Rejected!
spctl -a -vvv -t install "/Volumes/Data/Signed/Installer v1.1.0.pkg" /Volumes/Data/Signed/Installer v1.1.0.pkg: rejected
source=Notarized Developer IDWhen I check the log, it says
assessment denied for Installer v1.1.0.pkg com.apple.message.domain: com.apple.security.assessment.outcome2 com.apple.message.signature2: bundle:UNBUNDLED com.apple.message.signature3: Installer v1.1.0.pkg com.apple.message.signature5: UNKNOWN com.apple.message.signature4: 2