I have exactly the same issue. I've successfully notarized previous versions of my jpackage generated dmg (which contains my app jar as well as some third party jars and my app jar, in turn, contains some Mac, Linux, and Windows executables. Even though there have been no changes, the notarytool now marks my submission as invalid. When I look at the log, it looks like each Mac executable in my jar are marked with three errors:
The binary is not signed with a valid Developer ID certificate
The signature does not include a secure timestamp.
The executable does not have the hardened runtime enabled.
The errors are correct - I never did any of those things with these embedded executables. But until recently (is it perhaps the move to macOS 18??) the notary tool never rejected my dmg because of these.
twolf2919
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
From
Hillsborough, NC