Yes, I'm using `--force` and signing inside-out.
Here's the SD Notary logging for signing of the relevant framework (with paths abbreviated):
<pre>
13:48:56.770: Signing ‘.../.../Contents/Frameworks/SMSTableDialogBuilder.framework/Versions/A'...
13:48:57.641: Result for /usr/bin/codesign --force -o runtime --timestamp --entitlements /Users/shane/.../Entitlements.plist --verbose=4 -s Developer ID Application: Shane Stanley (LT9SRJ2NCV) /Users/shane/Desktop/.../Contents/Frameworks/SMSTableDialogBuilder.framework/Versions/A
Termination status: 0
StandardOut: (null)
StandardError: Developer ID Application: Shane Stanley (LT9SRJ2NCV): found in both /Users/shane/Library/Keychains/login.keychain-db and /Users/shane/Library/Application Support/.../PrivateEncryptedDatak (this is all right)
/Users/shane/.../Contents/Frameworks/SMSTableDialogBuilder.framework/Versions/A: replacing existing signature
/Users/shane/.../Contents/Frameworks/SMSTableDialogBuilder.framework/Versions/A: signed bundle with Mach-O thin (x86_64) [au.com.myriad-com.SMSTableDialogBuilder] </pre>
It was successfully notarized, but the LogFileURL contained this:
<pre>
"issues": [
{
"severity": "warning",
"code": null,
"path": ".../Contents/Frameworks/SMSTableDialogBuilder.framework/SMSTableDialogBuilder",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "x86_64"
}
]
</pre>