Codesigning app with hardened runtime (no exceptions), packing it into a dmg (unsigned) and notarizing/stapling the dmg. Xcode 11.2, macOS 10.15.2.
All steps of codesigning and notarization/stapling are successful, without any warnings or issues.
Upload of dmg to website, download through browser and installing the app from dmg.
Still after this, spctl says:
my.app/: accepted
source=Notarized Developer ID
origin=Developer ID Application: Qlucore AB (3HJ98U983V)
But when I try to start the same app, I get a dialog saying:
<app> cannot be opened because the developer cannot be verified.
Any suggestions on how to move the investigation forward would be much appreciated.