I created a a .pkg installer from my node-js project which I later signed using productsign tool. Then during the notarization step I got the following error:
{
"logFormatVersion": 1,
"jobId": "...",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "....pkg",
"uploadDate": "...",
"sha256": "...",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": ".../keytar.node",
"message": "The binary is not signed.",
"docUrl": null,
"architecture": "x86_64"
},
{
"severity": "error",
"code": null,
"path": ".../keytar.node",
"message": "The signature does not include a secure timestamp.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
Is there any way I can solve this problem?
Should I first sign this library using my "Developer ID Application" certificate?