mitchellh / gon

Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
MIT License

Identity of the developer cannot be confirmed (despite successful notarization) #48

Open devinstasafe opened 3 years ago

devinstasafe commented 3 years ago

Maybe I'm missing something here but I added two binaries in the config, it created a dmg and notarized it successfully.

But upon downloading and opening the file, macOS still throws "Identity of the developer cannot be confirmed" error.

Config File

{
  "source": [
    "./macbinaries/binary_amd64",
    "./macbinaries/binary_arm64"
  ],
  "bundle_id": "my.bundle.id",
  "apple_id": {},
  "sign": {
    "application_identity": "Developer ID Application: Company Name (XXXXXXX)"
  },
  "dmg": {
    "output_path": "macbinaries/final.dmg",
    "volume_name": "My Volume"
  },
  "zip": {
    "output_path": "macbinaries/final.zip"
  }
}

Gon Logs

Run gon -log-level=info -log-json notarize.json
{"@level":"info","@message":"executing codesigning","@module":"sign","@timestamp":"2021-07-09T04:49:02.539975Z","command_args":["codesign","-s","Developer ID Application: InstaSafe Technologies Private Limited (9HQMLR4Y69)","-f","-v","--timestamp","--options","runtime","./macbinaries/binary_amd64","./macbinaries/binary_arm64"],"command_path":"/usr/bin/codesign","files":["./macbinaries/binary_amd64","./macbinaries/binary_arm64"]}
==> ✏️  Signing files...
{"@level":"info","@message":"codesigning complete","@module":"sign","@timestamp":"2021-07-09T04:49:04.183436Z","output":"./macbinaries/binary_amd64: signed Mach-O thin (x86_64) [binary_amd64]\n./macbinaries/binary_arm64: replacing existing signature\n./macbinaries/binary_arm64: signed Mach-O thin (arm64) [binary_arm64]\n"}
    Code signing successful
==> 📦  Creating Zip archive...
{"@level":"info","@message":"executing create-dmg for dmg creation","@module":"dmg","@timestamp":"2021-07-09T04:49:05.513820Z","command_args":["create-dmg","--volname","My Volume","--add-file","binary_amd64","./macbinaries/binary_amd64","0","0","--add-file","binary_arm64","./macbinaries/binary_arm64","0","0","macbinaries/final.dmg","/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/gon655744049"],"command_path":"/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/createdmg162274202/create-dmg","output_path":"macbinaries/final.dmg"}
    Zip archive created with signed files
==> 📦  Creating dmg...
    This will open Finder windows momentarily.
{"@level":"info","@message":"dmg creation complete","@module":"dmg","@timestamp":"2021-07-09T04:49:27.070153Z","output":"Creating disk image...\ncreated: /Users/runner/work/Go.Tunnel.Pipeline/Go.Tunnel.Pipeline/macbinaries/rw.final.dmg\nMounting disk image...\nUnmounting disk image...\nMount directory: /Volumes/My Volume\nDevice name:     /dev/disk2\nCopying custom files...\n./macbinaries/binary_amd64\n./macbinaries/binary_arm64\nRunning Applescript: /usr/bin/osascript \"/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/createdmg.tmp.XXXXXXXXXX.cWogccRx\" \"My Volume\"\nwaited 1 seconds for .DS_STORE to be created.\nDone running the applescript...\nFixing permissions...\nDone fixing permissions.\nBlessing started\nBlessing finished\nUnmounting disk image...\n\"disk2\" ejected.\nCompressing disk image...\nPreparing imaging engine…\nReading Protective Master Boot Record (MBR : 0)…\n   (CRC32 $ECB7D5FB: Protective Master Boot Record (MBR : 0))\nReading GPT Header (Primary GPT Header : 1)…\n   (CRC32 $63C3205F: GPT Header (Primary GPT Header : 1))\nReading GPT Partition Data (Primary GPT Table : 2)…\n   (CRC32 $43405599: GPT Partition Data (Primary GPT Table : 2))\nReading  (Apple_Free : 3)…\n   (CRC32 $00000000:  (Apple_Free : 3))\nReading disk image (Apple_HFS : 4)…\n   (CRC32 $B50751FD: disk image (Apple_HFS : 4))\nReading  (Apple_Free : 5)…\n   (CRC32 $00000000:  (Apple_Free : 5))\nReading GPT Partition Data (Backup GPT Table : 6)…\n   (CRC32 $43405599: GPT Partition Data (Backup GPT Table : 6))\nReading GPT Header (Backup GPT Header : 7)…\n   (CRC32 $A0B1B65D: GPT Header (Backup GPT Header : 7))\nAdding resources…\nElapsed Time:  2.645s\nFile size: 7803469 bytes, Checksum: CRC32 $8B860E32\nSectors processed: 77904, 31212 compressed\nSpeed: 5.8Mbytes/sec\nSavings: 80.4%\ncreated: /Users/runner/work/Go.Tunnel.Pipeline/Go.Tunnel.Pipeline/macbinaries/final.dmg\nhdiutil does not support internet-enable. Note it was removed in macOS 10.15.\nDisk image done\n"}
    Dmg file created: macbinaries/final.dmg
{"@level":"info","@message":"executing codesigning","@module":"dmg","@timestamp":"2021-07-09T04:49:27.071756Z","command_args":["codesign","-s","Developer ID Application: InstaSafe Technologies Private Limited (9HQMLR4Y69)","-f","-v","--timestamp","--options","runtime","macbinaries/final.dmg"],"command_path":"/usr/bin/codesign","files":["macbinaries/final.dmg"]}
    Signing dmg...
{"@level":"info","@message":"codesigning complete","@module":"dmg","@timestamp":"2021-07-09T04:49:27.224168Z","output":"macbinaries/final.dmg: signed  []\n"}
    Dmg created and signed
{"@level":"info","@message":"submitting file for notarization","@module":"notarize","@timestamp":"2021-07-09T04:49:27.224782Z","command_args":["xcrun","altool","--notarize-app","--primary-bundle-id","my.bundle.id","-u","***","-p","@env:AC_PASSWORD","-f","macbinaries/final.dmg","--output-format","xml"],"command_path":"/usr/bin/xcrun","file":"macbinaries/final.dmg"}
==> 🍎  Notarizing...
    Files will be notarized concurrently to optimize queue wait
    Path: macbinaries/final.zip
    Path: macbinaries/final.dmg
    [final.dmg] Submitting file for notarization...
{"@level":"info","@message":"notarization submission complete","@module":"notarize","@timestamp":"2021-07-09T04:49:47.291216Z","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003enotarization-upload\u003c/key\u003e\n\t\u003cdict\u003e\n\t\t\u003ckey\u003eRequestUUID\u003c/key\u003e\n\t\t\u003cstring\u003e6900e729-981d-4f54-b5cb-57b42a0ff7f0\u003c/string\u003e\n\t\u003c/dict\u003e\n\t\u003ckey\u003eos-version\u003c/key\u003e\n\t\u003cstring\u003e10.15.7\u003c/string\u003e\n\t\u003ckey\u003esuccess-message\u003c/key\u003e\n\t\u003cstring\u003eNo errors uploading 'macbinaries/final.dmg'.\u003c/string\u003e\n\t\u003ckey\u003etool-path\u003c/key\u003e\n\t\u003cstring\u003e/Applications/Xcode_12.4.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework\u003c/string\u003e\n\t\u003ckey\u003etool-version\u003c/key\u003e\n\t\u003cstring\u003e4.029.1194\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
    [final.dmg] Submitted. Request UUID: 6900e729-981d-4f54-b5cb-57b42a0ff7f0
{"@level":"info","@message":"notarization request submitted","@module":"notarize","@timestamp":"2021-07-09T04:49:47.292044Z","request_id":"6900e729-981d-4f54-b5cb-57b42a0ff7f0"}
    [final.dmg] Waiting for results from Apple. This can take minutes to hours.
{"@level":"info","@message":"submitting file for notarization","@module":"notarize","@timestamp":"2021-07-09T04:49:47.292329Z","command_args":["xcrun","altool","--notarize-app","--primary-bundle-id","my.bundle.id","-u","***","-p","@env:AC_PASSWORD","-f","macbinaries/final.zip","--output-format","xml"],"command_path":"/usr/bin/xcrun","file":"macbinaries/final.zip"}
    [final.zip] Submitting file for notarization...
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2021-07-09T04:49:57.386890Z","command_args":["xcrun","altool","--notarization-info","6900e729-981d-4f54-b5cb-57b42a0ff7f0","-u","***","-p","@env:AC_PASSWORD","--output-format","xml"],"command_path":"/usr/bin/xcrun","uuid":"6900e729-981d-4f54-b5cb-57b42a0ff7f0"}
{"@level":"info","@message":"notarization info command finished","@module":"notarize","@timestamp":"2021-07-09T04:49:58.452289Z","err":null,"output":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n\t\u003ckey\u003enotarization-info\u003c/key\u003e\n\t\u003cdict\u003e\n\t\t\u003ckey\u003eDate\u003c/key\u003e\n\t\t\u003cdate\u003e2021-07-09T04:49:48Z\u003c/date\u003e\n\t\t\u003ckey\u003eRequestUUID\u003c/key\u003e\n\t\t\u003cstring\u003e6900e729-981d-4f54-b5cb-57b42a0ff7f0\u003c/string\u003e\n\t\t\u003ckey\u003eStatus\u003c/key\u003e\n\t\t\u003cstring\u003ein progress\u003c/string\u003e\n\t\u003c/dict\u003e\n\t\u003ckey\u003eos-version\u003c/key\u003e\n\t\u003cstring\u003e10.15.7\u003c/string\u003e\n\t\u003ckey\u003esuccess-message\u003c/key\u003e\n\t\u003cstring\u003eNo errors getting notarization info.\u003c/string\u003e\n\t\u003ckey\u003etool-path\u003c/key\u003e\n\t\u003cstring\u003e/Applications/Xcode_12.4.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework\u003c/string\u003e\n\t\u003ckey\u003etool-version\u003c/key\u003e\n\t\u003cstring\u003e4.029.1194\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n\n"}
{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2021-07-09T04:49:58.452556Z","info":{"RequestUUID":"6900e729-981d-4f54-b5cb-57b42a0ff7f0","Date":"2021-07-09T04:49:48Z","Hash":"","LogFileURL":"","Status":"in progress","StatusMessage":""},"uuid":"6900e729-981d-4f54-b5cb-57b42a0ff7f0"}
{"@level":"info","@message":"requesting notarization info","@module":"notarize","@timestamp":"2021-07-09T04:49:58.452901Z","command_args":["xcrun","altool","--notarization-info","6900e729-981d-4f54-b5cb-57b42a0ff7f0","-u","***","-p","@env:AC_PASSWORD","--output-format","xml"],"command_path":"/usr/bin/xcrun","uuid":"6900e729-981d-4f54-b5cb-57b42a0ff7f0"}

....

{"@level":"info","@message":"notarization info","@module":"notarize","@timestamp":"2021-07-09T04:51:28.576004Z","info":{"RequestUUID":"6900e729-981d-4f54-b5cb-57b42a0ff7f0","Date":"2021-07-09T04:49:48Z","Hash":"738becd8f85a9d93dd07b7eff81ebbaa22a3d838590db327bd53d83581fcff0b","LogFileURL":"https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma125/v4/c2/cb/9e/c2cb9e74-1180-e771-681c-0269d14fb598/developer_log.json?accessKey=1626000688_1832227881924069867_Ntd8%2BNw54gpHakJyqB6Qjpvbw1DwwJJTbzBXczK2qqMmJIsjS5z2EB4YnL3CoHeod9r1AzbY7VENsvqTOiohUhIJ7RPx0KLGE59v0X5RF8fIBcUs2bcwNF%2BTAJSvAnOhoJNfCJTRqO4ANJ3%2FgSnneC%2FinKuboxAmir5RM%2Bn%2BSXI%3D","Status":"success","StatusMessage":"Package Approved"},"uuid":"6900e729-981d-4f54-b5cb-57b42a0ff7f0"}
{"@level":"info","@message":"downloading log file for notarization","@timestamp":"2021-07-09T04:51:28.576054Z","request_uuid":"6900e729-981d-4f54-b5cb-57b42a0ff7f0","url":"https://osxapps-ssl.itunes.apple.com/itunes-assets/Enigma125/v4/c2/cb/9e/c2cb9e74-1180-e771-681c-0269d14fb598/developer_log.json?accessKey=1626000688_1832227881924069867_Ntd8%2BNw54gpHakJyqB6Qjpvbw1DwwJJTbzBXczK2qqMmJIsjS5z2EB4YnL3CoHeod9r1AzbY7VENsvqTOiohUhIJ7RPx0KLGE59v0X5RF8fIBcUs2bcwNF%2BTAJSvAnOhoJNfCJTRqO4ANJ3%2FgSnneC%2FinKuboxAmir5RM%2Bn%2BSXI%3D"}
    [final.dmg] Status: success
    [final.dmg] File notarized!
    [final.dmg] Stapling...
{"@level":"info","@message":"executing stapler","@module":"staple","@timestamp":"2021-07-09T04:51:28.790943Z","command_args":["xcrun","stapler","staple","macbinaries/final.dmg"],"command_path":"/usr/bin/xcrun","file":"macbinaries/final.dmg"}
{"@level":"info","@message":"stapling complete","@module":"staple","@timestamp":"2021-07-09T04:51:29.856027Z","file":"macbinaries/final.dmg"}
    [final.dmg] File notarized and stapled!

Notarization complete! Notarized files:
  - macbinaries/final.zip (notarized)
  - macbinaries/final.dmg (notarized and stapled)

Error

image

What am I missing here?
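
A CI-side check for the run logged above, as an added example that is not part of the original post or of gon: it reads `gon -log-json` output and reports, per path, what was signed, what Apple approved, and what had a ticket stapled. The sample log is constructed from the message names visible in the post, `summarize` and `release_gaps` are hypothetical names, and the code assumes a request UUID belongs to the most recently submitted file.

```python
import json

# Constructed sample shaped like the gon -log-json output above; UUIDs are placeholders.
SAMPLE_LOG = r'''
{"@message":"executing codesigning","@module":"sign","files":["./macbinaries/binary_amd64","./macbinaries/binary_arm64"]}
==> Signing files...
{"@message":"executing codesigning","@module":"dmg","files":["macbinaries/final.dmg"]}
{"@message":"submitting file for notarization","file":"macbinaries/final.dmg"}
{"@message":"notarization request submitted","request_id":"UUID-DMG-PLACEHOLDER"}
{"@message":"submitting file for notarization","file":"macbinaries/final.zip"}
{"@message":"notarization request submitted","request_id":"UUID-ZIP-PLACEHOLDER"}
{"@message":"notarization info","info":{"Status":"in progress"},"uuid":"UUID-DMG-PLACEHOLDER"}
{"@message":"notarization info","info":{"Status":"success"},"uuid":"UUID-DMG-PLACEHOLDER"}
{"@message":"stapling complete","@module":"staple","file":"macbinaries/final.dmg"}
{"@message":"notarization info","info":{"Status":"success"},"uuid":"UUID-ZIP-PLACEHOLDER"}
'''

def summarize(log_text):
    """Map each path in a gon JSON log to its signed/notarized/stapled state."""
    state, uuid_to_file, pending = {}, {}, None
    def entry(path):
        return state.setdefault(path, {"signed": False, "status": None, "stapled": False})
    for line in log_text.splitlines():
        if not line.startswith("{"):
            continue  # human-readable progress lines are interleaved with the JSON
        rec = json.loads(line)
        msg = rec.get("@message")
        if msg == "executing codesigning":
            for f in rec.get("files", []):
                entry(f)["signed"] = True
        elif msg == "submitting file for notarization":
            pending = rec["file"]
            entry(pending)["status"] = "submitted"
        elif msg == "notarization request submitted":
            uuid_to_file[rec["request_id"]] = pending  # assumption: UUID is for the latest submit
        elif msg == "notarization info" and rec.get("uuid") in uuid_to_file:
            entry(uuid_to_file[rec["uuid"]])["status"] = rec["info"]["Status"]
        elif msg == "stapling complete":
            entry(rec["file"])["stapled"] = True
    return state

def release_gaps(state):
    """Paths without an approved, stapled ticket of their own, with the reason."""
    gaps = {}
    for path, s in state.items():
        if s["status"] != "success":
            gaps[path] = "notarization: " + (s["status"] or "not submitted under this path")
        elif not s["stapled"]:
            gaps[path] = "notarized, no ticket stapled"
    return gaps
```

On the constructed sample, `release_gaps(summarize(SAMPLE_LOG))` lists the zip as notarized without a stapled ticket and both binaries as signed but never submitted under their own paths; only the dmg passes all three stages.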

devries commented 2 years ago

I am also having this issue. Are there any updates or workarounds? I have Xcode 13.1 and associated tools and gon version 0.2.3. I got this same popup from both the zip and dmg files. The spctl program shows that the dmg is notarized, and the stapler validate command shows the validate action worked.

mikob commented 2 years ago

Had the same issue. I had to add

<key>CFBundlePackageType</key>
<string>APPL</string>

to Info.plist. This thread was useful in helping me debug: https://developer.apple.com/forums/thread/130560