Post not yet marked as solved
I have the same problem in macOS 10.15.4. Did you find a solution (or perhaps you had an answer from a DTS that you can share) ?
And just to update this thread: I tested the suggested workaround, i.e. set this in my preinstallif [[ `/usr/bin/sw_vers -productVersion` == 10.14.5 ]]; then
/usr/sbin/spctl -a -vvv -t install "$PACKAGE_PATH"; fiand it actually works (I can install my kext via an unquarantined pkg on an offline machine), so it's great.
Hi haikeeba !Thank you for your message.So I thought my problem was solved because I fixed a bogus CFBundleExecutable on my "master" bundle, but then I guess it's just because you corrected the problem.---"Same thing for a pkg. There's no need to notarize internal components separately in most cases."We are a bit moving away from the original subject, but my first guess was "if I notarize my pkg and staple the notarization ticket to the pkg, then the installer will automatically validate / staple notarization ticket to inner elements, like my kext, when installing".So it's what I tried to do in the first place : I notarized only the pkg, and then stapled the notarization ticket to the pkg. But then the kext was not loadable when installing on an offline machine (it was working fine when online).So I decided to :- Notarize the elements to be installed.- Staple notarization tickets to them.- Create a pkg with this stapled elements.- Notarize the final pkg (this step is not really necessary in this scenario, but my idea was that it will be necessary, soon or later, to have notarized pkg files to be able to install them - some proactivity).This scenario actually fixed the problem (kext could be loaded even when installed on an offline machine).If it's supposed to work without stapling notarization tickets to inner elements of the pkg (only the pkg itself), then I guess there is a bug somewhere ? I see there is something about this in the 10.14.5b5 release note (related to ticket 50205533). I guess it's related to my scenario ? When I tested it, the resulting pkg was not downloaded (so no quarantine flag).I will try to use the suggested workarounds (or wait for a fix on macOS, if it's planned to fix it).---I agree on the zip, it was just a facility, in our build process, to do the double notarization to fix the offline problem.
