Hi there, I've been working on a JUCE audio plugin project and have created an installer for the demo to release to the public outside of the App Store.
I have built the various forms of the plugin in Xcode (standalone, AU, vst3) and have the automatic signing set up with a Developer ID Application certificate. I have been using WhiteBox Packages to create the installer to install the AU component and the vst3 on a user's computer. I can successfully sign the installer with a Developer ID Installer certificate but when I submit it for notarization, the status returns as "invalid". When looking at the Notarytool log, it says that the binary is not signed with a valid Developer ID certificate for all versions of the plugin (for AU & vst3, and both architectures, arm64 & x86_64, as well).
I can use codesign and pkgutil to confirm that the files and installer are both signed including the contents within both the AU and vst3 bundles, but the notarization still fails. I have tried to notarize just a zipped version of the plugin but that fails too. In the Customizing The Notarization Workflow documentation, it is mentioned that custom third-party installers need two rounds of notarization. I'm assuming Packages is a custom third-party installer but I don't see how two rounds of notarization is possible when I can't even notarize a zipped version of the plugin.
I am still new to Xcode and Apple Developer so there is a possibility that it's something I missed or didn't do. I've read through quite a few other posts on both this forum and the JUCE forum about similar problems but I haven't found a solution that has worked so if anyone has any ideas on how to potentially get my installer notarized, I'd greatly appreciate the advice. Thanks.