Hi All,
I have followed these steps stil app is showing malware pop up.
1) Signing the dmg with certificate.
codesign --force -o runtime -s "Developer ID Application: XXXX" "path to dmg"
2) Sent for notarisation:-
xcrun altool --notarize-app -f "path to dmg" --primary-bundle-id "bundle identifier" -u "apple id " —p "app specific pwd" --output-format xml
3) After getting notization mail, able to staple the dmg.
xcrun stapler staple "path to dmg"
4) After staple and notraised if i check the dmg and .app after extraction both are notaried and accepted:-
a) .dmg:-
spctl --assess --verbose --type open --context "context:primary-signature" "path to dmg"
output is :-
check.dmg: accepted
source=Notarized Developer ID
b) .app :-
spctl --assess --type execute --verbose --ignore-cache --no-cache "path to app"
output is :-
check.app: accepted
source=Notarized Developer ID
i have uploaded dmg to website and then download then extractedto appplication folder but if i double click the app in application folder.
can you tell where i get wrong with these steps and .app and .dmg both are accepted and notarised.