Currently, for notarization to work correctly all binary contents of a dmg file need to be signed.
In order to achieve this, many project sign the contents individually which is tedious and complicated to setup.
We should support a mode that allows all necessary files inside a dmg file for it to be properly notarized afterwards.
There is the --deep option, but it should not be used according to this FAQ:
Currently, for notarization to work correctly all binary contents of a dmg file need to be signed. In order to achieve this, many project sign the contents individually which is tedious and complicated to setup.
We should support a mode that allows all necessary files inside a dmg file for it to be properly notarized afterwards.
There is the
--deepoption, but it should not be used according to this FAQ:https://developer.apple.com/forums/thread/128166
Projects that do that already in a custom way (currently known):