In your Developer Apple account, go to "Certificate, IDs and profilers" > identifiers and create a new bundle ID in this section with the +

Try this command : xcrun altool --notarization-info <Your RequestUUID" --username "***@***.**" --password "***-***-****-****"

To be clearer, in the next, that's the logurl : "logFormatVersion": 1, "jobId": "*********", "statut": "Invalide", "statusSummary": "L'archive contient des erreurs de validation critiques", "statusCode": 4000, "archiveFilename": "JFSE_signed.pkg", "date de téléchargement": "2021-06-16T08:06:21Z", "sha256": "*********", "ticketContents": null, "questions": [ { "gravité": "avertissement", "code": nul, "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/Java/clm-aat-client.jar/models/accuseDepot.odt" , "message": "b'warning [/tmp/tmpkqfjw8es/clm-aat-client.jar.unpacked_00/models/accuseDepot.odt] : 7691 octets supplémentaires au début ou dans le fichier zip\\n (en essayant de traiter quand même)\\ nerror [/tmp/tmpkqfjw8es/clm-aat-client.jar.unpacked_00/models/accuseDepot.odt] : début du répertoire central introuvable ;\\n fichier zip corrompu.\\n (veuillez vérifier que vous avez transféré ou créé le zip dans le\\n mode BINARY approprié et que vous avez correctement compilé UnZip)\\n'", "docUrl": null, "architecture": null }, { "gravité": "erreur", "code": nul, "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/MacOS/JavaAppLauncher", "message": "La signature du binaire est invalide.", "docUrl": null, "architecture": "i386" }, { "gravité": "erreur", "code": nul, "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/MacOS/JavaAppLauncher", "message": "La signature du binaire est invalide.", "docUrl": null, "architecture": "x86_64" }, { "gravité": "erreur", "code": nul, "path": "JFSE_signed.pkg/JFSE.pkg Contents/Payload/Applications/MEDI2000/KIT_JFSE_MAC.zip/JFSE/Lecteur/gestionlecteursv.app/Contents/PlugIns/jdk-11.0.2.jdk/Contents/MacOS/libjli. dylib", "message": "La signature du binaire est invalide.", "docUrl": null, "architecture": "x86_64" }, { "gravité": "erreur", "code": nul, "path": "JFSE_signed.pkg/JFSE.pkg Contents/Scripts/UserInputQuery.app/Contents/MacOS/SurgicaTools", "message": "L'exécutable n'a pas le runtime renforcé activé.", "docUrl": null, "architecture": "x86_64" } ] } Like you can see, in my .pkg, there are 2 .app who makes problem. So, How I can fix this ?

Yes that's, In Log the path point a .app but how I can fixe this problem ?

I have found how having a primary bundle id but now when I Execute this command I Have this problem :      Date: 2021-06-14 08:52:55 +0000      Hash: ************   LogFileURL: ********   RequestUUID: **********     Status: invalid   Status Code: 2 Status Message: Package Invalid And in Logfilurl, I have this error message : début du répertoire central introuvable ;\n fichier zip corrompu.\n (veuillez vérifier que vous avez transféré ou créé le zip dans le\n mode BINARY approprié et que vous avez correctement compilé UnZip)\n'"," start of central directory not found; \ n corrupted zip file. \ n (please check that you created or created the zip in the correct \ n BINARY mode and compiled UnZip correctly) \ n '",

I have found how having a primary bundle id but now when I Execute this command I Have this problem :           Date: 2021-06-14 08:52:55 +0000           Hash: ************     LogFileURL: ********    RequestUUID: **********         Status: invalid    Status Code: 2 Status Message: Package Invalid And in Logfilurl, I have this error message : "début du répertoire central introuvable ;\n fichier zip corrompu.\n (veuillez vérifier que vous avez transféré ou créé le zip dans le\n mode BINARY approprié et que vous avez correctement compilé UnZip)\n'"," start of central directory not found; \ n corrupted zip file. \ n (please check that you created or created the zip in the correct \ n BINARY mode and compiled UnZip correctly) \ n '",

Yes I download a new version of Xcode and it's work --Notarize-app but.. My Last question is : Where do you have the --primary-bundle-id ?

Yes I notarize my installer package

I think I resolved that because it's the same package but now he is signed, but I have an another problem. When I used language pkgutil --check-signature "name".pkg I saw : Developer ID Installer : "Name" ("code") Developer ID Certification Authority Apple Root CA My .pkg is signed but now, when I put my .pkg on my website for download it, I have already this message : cannot open because apple cannot verify it for malware I don't understand why then that my .pkg is, normally, signed. How I can be a Verify Developer for don't having this message ?

I have a new message, indeed, I copy/paste the Command Security find ID (Developer ID's) on my productsign command et Now I have this message : An application signing identity (not an installer signing identity) is required for signing bundle-style products. Do you have solution for this ?

I have again the same error, I used the long hex string before "Developer ID ...." when I execute your command

Now I use pkgbuild to create my own pkg with a command line but I have, again, the same error

Yes I run productsign in the same Terminal Window as I run security find-identity but nothing change...

Yes, with your command I find my certificate in "valid identities" but I can't, already, signed my package (the .pkg's file) with this certificate. How I can do this ? I used this command : productsign --sign "Developer ID Installer: Name_of_developer_ID (Number_of_DeveloperID)" name_uncertfied.pkg name_certified.pkg and I have this answer : Product sign: error: Could not find appropriate signing identity for "Developer ID Installer: (**)"  Thanks for your help.