As part of a custom notarization workflow, I am currently submitting a flat installer package which contains a number of different components (app, frameworks, loadable bundles, etc.). This package does not contain any loadable code such as KEXTs that seems to have its own stricter set of rules.
So here is the workflow:
1) Upload the flat PKG via altool
2) Wait for the ticket to be ready
3) Staple the same PKG
This seems like a straighforward workflow, but other posts in the forum suggest that one might have to do this instead:
1) Upload all apps that you plan to eventually include in the PKG via altool
2) Wait for the ticket to be ready
3) Staple apps
4) Build flat PKG
5) Upload flat PKG via altool
6) Wait for the ticket to be ready
7) Staple the PKG
Is it even necessary to go through the extra steps? Is there any benefit to stapling an app that is installed via a stapled installer?