Hi,
we are sending MacOS apps packaged in a ZIP archive or DMG disk image to the Notary Service.
Before we send the app for notarization, we check the code signature via command
codesign -vvv --deep --strict /path/to/app_or_bundle
The result is positive and it does not provide any gaps. (And yes, we are following the inside out code signing approach, mentioned at Using the codesign Tool's --deep Option Correctly)
Unfortunately, the result of the Notary service provided that one file has no signature, which was not detected by the signature verification command.
The path of the binary was in
<app_name>.app.zip/<app_name>.app/Contents/Resources/inst/<binary>
How I can be verify like a the Notary service does it on our side?
Best regards, Stefan