User Profile

Hello,I am trying to notarize an application and I am running into an issue after using pkgbuild on the .app. Here are the steps in the build process:1. Generate .app using xcodebuild install2. Sign the .app3. Create component with pkgbuild4. Create installer product with productbuild5. Sign product using productsign6. Add .pkg to .dmg7. Sign .dmg8. Notarize .dmgI codesigned the .app, and verified that it is signed properly. I was able to notarize the .app successfully (done as a test, I am not including the notarized app in the build process). The issue comes after running pkgbuild. After using pkgbuild, RB App Checker Lite shows the following:"Evaluating the folder “55DB092F-7846-4EE8-9AA0-381C2A899086” inside the XAR package.The code signature is unreadable or missing.Error details: “-67028: bundle format unrecognized, invalid, or unsuitable” { The operation couldn’t be completed. (OSStatus error -67028.)}The folder is unsigned."To get more data, I proceeded through the steps anyway and attempted to notarize the dmg, and here is the response:{ "logFormatVersion": 1, "jobId": "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "status": "Invalid", "statusSummary": "Archive contains critical validation errors", "statusCode": 4000, "archiveFilename": "MyApp.dmg", "uploadDate": "2020-02-13T16:07:13Z", "sha256": "9de80d3c39870bb249bbdbfb1f42c9755f22888e069f25d24cfd863373a4b803", "ticketContents": null, "issues": [ { "severity": "error", "code": null, "path": "MyApp.dmg/MyApp.pkg/MyAppComponent.pkg Contents/Payload/Applications/MyCompany/MyApp.app/Contents/MacOS/MyApp", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": null, "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "MyApp.dmg/MyApp.pkg/MyAppComponent.pkg Contents/Payload/Applications/MyCompany/MyApp.app/Contents/MacOS/MyApp", "message": "The signature does not include a secure timestamp.", "docUrl": null, "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "MyApp.dmg/MyApp.pkg/MyAppComponent.pkg Contents/Payload/Applications/MyCompany/MyApp.app/Contents/MacOS/libusb-1.0.0.dylib", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": null, "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "MyApp.dmg/MyApp.pkg/MyAppComponent.pkg Contents/Payload/Applications/MyCompany/MyApp.app/Contents/MacOS/libusb-1.0.0.dylib", "message": "The signature does not include a secure timestamp.", "docUrl": null, "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "MyApp.dmg/MyApp.pkg/MyAppComponent.pkg Contents/Payload/Applications/MyCompany/MyApp.app/Contents/Frameworks/libswiftAppKit.dylib", "message": "The binary is not signed with a valid Developer ID certificate.", "docUrl": null, "architecture": "x86_64" }, { "severity": "error", "code": null, "path": "MyApp.dmg/MyApp.pkg/MyAppComponent.pkg Contents/Payload/Applications/MyCompany/MyApp.app/Contents/Frameworks/libswiftAppKit.dylib", "message": "The signature does not include a secure timestamp.", "docUrl": null, "architecture": "x86_64" }and continues with this error for all of the .dylibs included in the upload. So to reiterate, I can see that the .app is signed and could be notarized, but the signing seems to be lost or affected after running pkgbuild. Any suggestions would be appreciated. Let me know if you need more information on the build, I'll be happy to provide anything I can.Thanks,Alex