Any advantage to stapling contents of a flat installer package prior to building it, when itself already stapled?

As part of a custom notarization workflow, I am currently submitting a flat installer package which contains a number of different components (app, frameworks, loadable bundles, etc.). This package does not contain any loadable code such as KEXTs that seems to have its own stricter set of rules.


So here is the workflow:

1) Upload the flat PKG via altool

2) Wait for the ticket to be ready

3) Staple the same PKG


This seems like a straighforward workflow, but other posts in the forum suggest that one might have to do this instead:


1) Upload all apps that you plan to eventually include in the PKG via altool

2) Wait for the ticket to be ready

3) Staple apps

4) Build flat PKG

5) Upload flat PKG via altool

6) Wait for the ticket to be ready

7) Staple the PKG


Is it even necessary to go through the extra steps? Is there any benefit to stapling an app that is installed via a stapled installer?

Up vote post of FxFactory Down vote post of FxFactory
966 views
Posted by
FxFactory
Reply
Add a Comment

Replies

When dealing with container formats that support stapling, like a 

.dmg
or a 
.pkg
, our general advice is that you notarise and staple just the outermost container. The notarisation system should find all the enclosed code, looking inside nested containers if necessary.

I recommend that, after you successfully notarise your product, you fetch the 

LogFileURL
and double check that this worked correctly.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thank you, this is great news since it cuts waiting time tremendously.

Posted by
FxFactory
Up vote reply of FxFactory Down vote reply of FxFactory
Add a Comment