Python app on macOS App Store

Hello,

TL;DR: Are there any guidelines (Apple or 3rd party) to deploy a Python + Qt + PyInstaller app on macOS App Store?

Why should we have one? Python is currently the most popular language, Qt is the most popular desktop app platform to use with Python and PyInstaller is pretty much the only game in town to package this type of app for macOS.

Problem: By following the guidance on several forums and many sleepless nights we were able to package and notarize the app. However, when we submit the .pkg for review using Transporter we get ~200 signature errors in an email like the below. Pretty much for all .so .dylib files except ours where we individually signed with a script as recommended.

We are aware of the famous "Signing a Mac Product For Distribution" forum post, yet we don't know how not to use --deep to sign since we use several popular 3rd party libraries from PyPI (pip install) and leaving out --deep will even prevent notarization. And clearly, --deep is not working for the App Store scenario.

A solution that comes to mind is to write a script and create a complex 3rd party library dependency graph (200+) so we can sign them inside out in the perfect order. We don't believe this is a feasible option.

Are we missing something? Any help is appreciated.

Thanks, Hakan

Sample error messages:

ITMS-90238: Invalid Signature - The executable at path MyApp.app/Contents/MacOS/pandas/_libs/algos.cpython-39-darwin.so has following signing error(s): valid on disk /Volumes/data01/app_data/awf/mz_5486667331891756409dir/mz_14480180029087919630dir/com.company.app.pkg/Payload/MyApp.app/Contents/MacOS/pandas/_libs/algos.cpython-39-darwin.so: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at ... at ... for more information.

ITMS-90238: Invalid Signature - The executable at path MyApp.app/Contents/MacOS/PyQt5/Qt5/plugins/imageformats/libqico.dylib has following signing error(s): valid on disk /Volumes/data01/app_data/awf/mz_5486667331891756409dir/mz_14480180029087919630dir/com.company.app.pkg/Payload/MyApp.app/Contents/MacOS/PyQt5/Qt5/plugins/imageformats/libqico.dylib: satisfies its Designated Requirement test-requirement: code failed to satisfy specified code requirement(s) . Refer to the Code Signing and Application Sandboxing Guide at ... and Technical Note 2206 at ... for more information.
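The inside-out, no `--deep` signing order discussed in the post above, as an added example that is not part of the original post and is not PyInstaller's or Apple's code. It orders items by path depth rather than by a library dependency graph, on the assumption that a `.so`/`.dylib` signature covers only that file, so only nesting inside bundles constrains the order; the function names, the bundle-suffix list and the sample tree are constructed for illustration.

```python
import os

# Thin Mach-O (both byte orders) and fat magics; 0xCAFEBABE is also Java .class.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xCAFEBABF}
BUNDLE_SUFFIXES = (".framework", ".app", ".bundle", ".plugin", ".xpc")  # assumed list


def is_code(path):
    """True for a nested bundle directory or a Mach-O/fat file; symlinks are skipped."""
    if os.path.islink(path):
        return False
    if os.path.isdir(path):
        return path.endswith(BUNDLE_SUFFIXES)
    if not os.path.isfile(path):
        return False
    with open(path, "rb") as fh:
        return int.from_bytes(fh.read(4), "big") in MACHO_MAGICS


def signing_order(app_path):
    """Code items inside app_path, deepest first, with the app itself last."""
    items = [os.path.join(root, name)
             for root, dirs, files in os.walk(app_path)
             for name in dirs + files]
    items = [p for p in items if is_code(p)]
    # A nested item is always deeper than its container, so depth order is inside-out.
    items.sort(key=lambda p: (-p.count(os.sep), p))
    return items + [app_path]


def codesign_commands(app_path, identity):
    """One codesign argv per item, never using --deep."""
    return [["codesign", "--force", "--timestamp", "--sign", identity, item]
            for item in signing_order(app_path)]


def make_constructed_app(parent):
    """Constructed sample tree with fake 4-byte headers, not real binaries."""
    macho, fat = b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"
    files = {
        "Contents/MacOS/pandas/_libs/algos.cpython-39-darwin.so": macho,
        "Contents/MacOS/PyQt5/Qt5/plugins/imageformats/libqico.dylib": fat,
        "Contents/MacOS/PyQt5/Qt5/lib/QtCore.framework/Versions/5/QtCore": macho,
        "Contents/MacOS/base_library.zip": b"PK\x03\x04",  # not code, must be skipped
    }
    for rel, head in files.items():
        path = os.path.join(parent, "MyApp.app", *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(head + b"\0" * 28)
    return os.path.join(parent, "MyApp.app")
```

Pass each returned argv to `subprocess.run(cmd, check=True)` on the build machine, then check the result with `codesign --verify --strict` before packaging.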

Are there any guidelines (Apple or 3rd party) to deploy a Python + Qt + PyInstaller app on macOS App Store?

Not from Apple.

From our perspective, the Mac App Store allows folks to use third-party tools and libraries but they have to be signed and packaged correctly. If you’ve chosen to use a third-party tool and it’s causing you grief, that’s something you need to discuss with the tool’s vendor.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

As far as I can read from the forums, the cause of our grief is due to the grief of PyInstaller folks related to macOS app distribution process. Please see open macOS related issues below: https://github.com/pyinstaller/pyinstaller/issues?q=is%3Aissue+is%3Aopen+macos

Overall, this would not be a traditional reactive support matter. Does Apple have a developer evangelism division? There are a handful of popular frameworks out there and Apple could have the resources to provide their developers proactive support. If this message reaches the right audience at Apple they can hit me up and I am happy to make the case.

Hakan

Overall, this would not be a traditional reactive support matter.

I’m more than happy to accept DTS tech support incident from tool vendors. You are correct that this is by far the most efficient way to solve problems like this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
