Tiemo, you can create 2 different installer certificates in you Apple developer account. One is called 'Mac Installer Distribution' and is used for code signing installers for the Mac App Store. The other one is called 'Developer ID Installer' and is used to code sign your Installer Package for distribution outside of the Mac App Store
Which one did you use for signing the packager? And another question, how did you build the package? Did you use a 3rd party tool or did you use 'productbuild' in Terminal? If you used a 3rd party tool, then could you please try to create the package installer using terminal command? productbuild --sign <Developer ID Installer signing identity> --component <path_to_your_App> /Applications <path_of_the_packager> example productbuild --sign "Developer ID Installer: Matthias Rebbe (xxxxxxxxxxxxx)" --component "/users/matthias/LC/builts/test/test.app" /Applications "/users/matthias/downloads/MyPackager.pkg" But maybe it was just the wrong installer certificate Regards Matthias - Matthias Rebbe Life Is Too Short For Boring Code > Am 04.05.2021 um 12:08 schrieb Tiemo via use-livecode > <use-livecode@lists.runrev.com>: > > Hi Matthias, > > thank you for your ideas. I tried both. > > When using just signed, but not notarized apps, packing, signing the pkg, > wrapping into dmg, signing the dmg, I get the same error when notarizing the > dmg "The binary is not signed" > > When trying to notarize the signed pkg via terminal I get the error: > "unable to notarize app" > "Upload succeeded but did not receive a RequestedUUID. Unable to upload your > app for notarization (-1018)" > > I also tried to use the "Installer" certificate instead of the "Application" > certificate, but trying this with codesigning the package, I get the error > "this identitiy cannot be used" > (actually I don't know for what purposes you can use the Installer > certificate) > > > Codesigning and notarizing the apps works fine ... > > Perhaps I'll look for another packager and go testing with another packager. > > Any other ideas? > Tiemo > > > -----Ursprüngliche Nachricht----- > Von: use-livecode <use-livecode-boun...@lists.runrev.com> Im Auftrag von > matthias rebbe via use-livecode > Gesendet: Dienstag, 4. Mai 2021 10:34 > An: How to use LiveCode <use-livecode@lists.runrev.com> > Cc: matthias_livecode_150...@m-r-d.de > Betreff: Re: notarizing DMG fails > > Hi Tiemo, > > but you did not create a .pkg from the a notarized app, did you? > > You have to create and code sign a .pkg from the code signed, but not > notarized, .app and then you have to notarize only the .pkg or the code > signed .dmg, if you want to distribute as .dmg. > So the steps are > > 1. code sign your .app - do not notarize it! > 2. create a .pkg from the .app and code sign it 3. if you want to distribute > as dmg, create .dmg with the .pkg and code sign the .dmg 4. notarize the > .pkg (or the .dmg) > > The staple process then writes the needed information to the .dmg, to the > containing .pkg and the .app. > > If these are the steps you've done already, then could you please try the > following using the helper stack > > 1. code sign .app > 2. notarize the .app using the '.zip method' > > Is this successful? Then the problem does not rely on your .app. > In this case please repeat and code sign the .app using the helper stack and > use the .dmg method > > Is this successful? If so, then also the .dmg is fine > > Repeat now manually, as .pkg is not supported by the helper stack. > > 1. code sign .app > 2. create .pkg > 3. code sign .pkg > 4. notarize .pkg > > Is this successful? > > Regards, > > Matthias > > > > > > > - > Matthias Rebbe > Life Is Too Short For Boring Code > >> Am 04.05.2021 um 09:47 schrieb Tiemo via use-livecode > <use-livecode@lists.runrev.com>: >> >> Hello, >> >> >> >> I have signed and notarized several apps with Matthias tool - >> successful >> >> Then I packaged theses apps with Packages and signed the package via >> terminal - successful >> >> Then I put the pkg into a dmg via DMG canvas and signed the dmg via >> terminal - successful >> >> Then I uploaded the dmg for notarization via terminal. The upload was >> successful, but the email from apple told me, that the upload was not >> notarized and the logfile tells me: >> >> >> >> Severity: Error >> >> Path: "DGSlern_Update_1.0.0.4.dmg/DGS Lernprogramm 1.0.0.4 Update .pkg" >> >> Message: The binary is not signed >> >> >> >> This is a bit irritating. Has anybody anytime encountered such >> conflicting messages? >> >> Any idea, where to look for? >> >> Thanks >> >> Tiemo >> >> >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
