Notarizing a packaged app invalid signature

Code Signing Notarization
andrewthedev
andrewthedev OP
Created Jan ’21
Replies 2
Boosts 0
Views 532
Participants 2
The steps followed were:

  • Signed the .app

  • Notarized the .app inside a .zip

  • Unpacked the .zip

  • Stapled the .app

  • Created a package using Packages

  • Sign the package

  • Notarize the package (both as .pkg and .zip)

The result of the final step always comes out to:

Code Block 
{
  "logFormatVersion": 1,
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "App_Signed.pkg.zip/App Signed.pkg/App.pkg Contents/Payload/Applications/App.app/Contents/MacOS/App",
      "message": "The signature of the binary is invalid.",
      "docUrl": null,
      "architecture": "x86_64"
    }
  ]
}


I read a number of forum posts and guides and this seems to take a hold of all the requirements. Did I miss something?
Replies  2
Boosts  0
Views  532
Participants  2
andrewthedev
andrewthedev OP
Jan ’21
Running 
Code Block 
codesign -vvv --deep --strict /Applications/App.app


Returns
Code Block 
/Applications/App.app: code object is not signed at all
In subcomponent: /Applications/App.app/Contents/MacOS/System.ServiceModel.Web.dll

0
Etresoft
Etresoft OP
Jan ’21
Sorry, but none of that makes sense. It sounds like you are going through a lot of effort to a make a simple process difficult. And what is "System.ServiceModel.Web.dll"? Silverlight? .NET? I suggest you ask Microsoft. Nobody here has any idea about that stuff.
0
Notarizing a packaged app invalid signature
First post date Last post date
 
 
Q