We have a macOS application packaged as a .pkg file. To notarize it, we first code-sign individual library folders and the .app bundle using the following command: codesign --force --deep --sign "Developer ID Application: <Our Account Name>, LLC (Team ID)" "Our_product.app" Code Sign result for .app file: Our_prodcut.app: valid on disk Our_product.app: satisfies its Designated Requirement We are using packages tool to create .pkg file with code signed .app file. Steps followed once .pkg file is ready: 1. Product Sign: productsign -sign "Developer ID Installer: <Our Account Name>" output.pkg signed-output.pkg 2. Submit for notorization: `xcrun notarytool submit signed-outout.pkg --keychain-profile "notarytool-password" --wait Received following output: Current status: Accepted................................. Processing complete id: 2d5c450f-5b22-4b4d-9579-ef21c0356548 status: Accepted Transferred Notarization log: xcrun notarytool log 10169892-b28c-407c-b348-edab0b34ef34 --keychain-profile "notarytool-password" Desktop/developer_log_6.json We have observed log with "Accepted" status with issues as "null". 3. Stapler: stapler staple signed-output.pkg stapler validate signed-output.pkg Processing: signed-output.pkg The validate action worked! 4. Checking status of .pkg file: Command: spctl --assess --verbose=4 signed-output.pkg Output: signed-output.pkg: rejected source=no usable signaturess Warning During Installation: While installing the .pkg file, a security warning appears as follows. Please help us to resolve this.