Some help with software signing and notarization.
Hi. I've read a lot of different topics on forums and websites about software signing and notarization, and there is progress, but I need some help.

1. From the beginning: I am building an application on a Jenkins server and downloading the file 'example_app.dmg'. I am enrolled in the Apple Developer Program.

2. Then I use the command to sign the software:

    codesign --force --sign "Developer ID Application: name_of_my_certificate_in_keychain (number)" example_app.dmg

3. Checking the status:

    spctl -a -t open -vvv --context context:primary-signature example_app.dmg

Result:

    example_app.dmg: rejected
    source = Unnotarized Developer ID
    origin = Developer ID Application: name_of_my_certificate_in_keychain (number)

Why is it rejected?

4. Then notarization:

    xcrun altool --notarize-app \
      --primary-bundle-id "example" \
      --username "my_AppleID" \
      --password "@keychain:NOTARIZED" \
      --file "example_app.dmg"

NOTARIZED is in the keychain with the generated password on my Apple account.

5. I get:

    No errors uploading 'example_app.dmg'.
    RequestUUID = 'number_of_my_request'

6. I check the notarization status:

    xcrun altool --notarization-info "number_of_my_request" \
      --username "my_AppleID" \
      --password "@keychain:NOTARIZED"

Result:

    No errors getting notarization info.
    Date: 2022-05-10 14:15:35 +0000
    Hash: hash_number
    LogFileURL: link_to_log_file
    RequestUUID: number_of_my_request
    Status: invalid
    Status Code: 2
    Status Message: Package Invalid

Inside the log_file, a lot of files have a status like:

    The binary is not signed.
    The signature does not include a secure timestamp.
    The executable does not have the hardened runtime enabled.

Am I doing something wrong, or what can I do better? And how can I make an empty line here (on this forum)?
May ’22
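
Added example, not part of the original post: a Python script that groups the three notarization-log messages quoted above by file, maps each to the `codesign` option that addresses it (`--sign`, `--timestamp`, `--options runtime`), and orders the files so nested code is signed before its container. The log layout (`issues`, `severity`, `path`, `message`) and the sample paths are assumptions constructed for illustration.

```python
import json

# Messages quoted in the post, mapped to the codesign options that address them.
# An unsigned binary needs all three when it is signed for notarization.
FIXES = {
    "The binary is not signed.": ("--sign", "--timestamp", "--options runtime"),
    "The signature does not include a secure timestamp.": ("--timestamp",),
    "The executable does not have the hardened runtime enabled.": ("--options runtime",),
}

# Constructed sample in the assumed shape of the JSON behind LogFileURL.
# Paths are placeholders, not values from the post.
EXE = "example_app.dmg/Example.app/Contents/MacOS/example"
LIB = "example_app.dmg/Example.app/Contents/Frameworks/libhelper.dylib"
SAMPLE_LOG = json.dumps({
    "status": "Invalid",
    "issues": [
        {"severity": "error", "path": EXE,
         "message": "The signature does not include a secure timestamp."},
        {"severity": "error", "path": EXE,
         "message": "The executable does not have the hardened runtime enabled."},
        {"severity": "error", "path": LIB,
         "message": "The binary is not signed."},
    ],
})

def triage(log_text):
    """Return {path: sorted codesign options needed} for every error issue."""
    needed = {}
    # "issues" may be null in a log with nothing to report.
    for issue in json.loads(log_text).get("issues") or []:
        if issue.get("severity") != "error":
            continue
        msg = issue.get("message", "")
        # Unknown messages are surfaced for manual review, not dropped.
        opts = FIXES.get(msg, ("review: " + msg,))
        needed.setdefault(issue["path"], set()).update(opts)
    return {path: sorted(opts) for path, opts in needed.items()}

def signing_order(needed):
    """Deepest paths first: nested code is signed before the bundle and disk image."""
    return sorted(needed, key=lambda p: (-p.count("/"), p))

if __name__ == "__main__":
    plan = triage(SAMPLE_LOG)
    for path in signing_order(plan):
        print(path, "->", ", ".join(plan[path]))
```

Re-signing a file that already carries a signature also needs `--force` and `--sign` with the Developer ID identity, as in step 2 of the post.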