Was under the impression that all executable components needed to be signed with the same certificate as the bundle. However I've just encountered a recently Notarized application where that isn't the case.
These components are in the "/Contents/Resources/" folder of the main bundle. While I can suggest the developer to sign these with the same identity and move them to a more suitable location.
It would appear that codesign, GateKeeper and Notarization has accepted these.
Or are these restrictions for the Mac App Store only?
Or are these restrictions for the Mac App Store only?
Yes. The notary service requires that each code item be signed with a valid Developer ID but it does not require:
-
That the Developer ID be the same for all code items
-
That the Developer ID match the team doing the notarisation
The App Store is stricter about this. I’m a little fuzzy on the rules there but I believe the only variance it allows is for specific libraries signed by Apple (like the Swift runtime).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"