My .pkg is being rejected after notarize it

Code Signing General
SrCobranza OP
Created Apr ’20
Replies 3
Boosts 0
Views 618
Participants 2

I'm notarizing my .pkg installer and even stapling the ticket after, but I still get rejected after checking it with the following command:


spctl -vvv --assess --type install path/to/my/notarized.pkg

path/to/my/notarized.pkg: rejected
origin=3rd Party Mac Developer Installer: My Certificate Name (XXXXXXXXX)


My pkg is being created with the "packages" app and then signed using pkgutils. Then it's notarized and after the success response from Apple I'm stapling the ticket into it. The pkg contains an app that is also signed of course.


How can I find more information about what's going on? Is there a log somewhere?


Thanks in advance.

Replies  3
Boosts  0
Views  618
Participants  2
DTS Engineer OP
Apple
Apr ’20 
origin=3rd Party Mac Developer Installer

Hmmm, that’s not good. That’s a Mac App Store certificate name. If you plan to distribute independently, you need to sign with a Developer ID signing identity, whose name is of the form 

Developer ID Installer: TTT
, where 
TTT
identifier your team.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
SrCobranza OP
May ’20

Ok, I'm not sure if this is on purpose or it's a bug, but I don't see that option even if I have the "Admin" role. The person who created the Team is able to see the option to create that type of certificate. I share it just in case someone runs into the same issue. In my case, because of not having the correct option, I ended up using a wrong certificate...


0
DTS Engineer OP
Apple
May ’20

The person who created the Team is able to see the option to create that type of certificate.

Indeed. This is in line with the big table in Apple Developer Program Roles.

The reason for this is that a Developer ID signing identity allows you to sign code for your team without any mediation, and thus access to these signing identities is extremely limited.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
My .pkg is being rejected after notarize it
First post date Last post date
 
 
Q