jaredh159
commented
1 year ago ran into something similar, had a notarized .app file, gatekeeper and spctl were fine with it, but when i created a dmg using this tool, (and i included code-signing info in the config), the app that was packaged into the .dmg was no longer signed correctly, and was rejected.
never figured it out (yet), but my hunch is that there is something about the code signing here that is not right, because i used a free trial of the app "DropDMG", and it's dmg worked perfectly.
my app has sparkle embedded in it, and also a system extension, i'm wondering if there is something about deep or the --deep codesigning flag that needs to be implemented here... if i figure it out, i'll post back here.
I using this library to create my custom DMG which contains a PKG (singed) and an APP (signed); DMG can created but my PKG and APP lost signature. How could I fix this issue?