AW: notarizing DMG fails

toolbook at toolbook at
Tue May 4 06:08:34 EDT 2021

Hi Matthias,

thank you for your ideas. I tried both.

When using just signed, but not notarized apps, packing, signing the pkg,
wrapping into dmg, signing the dmg, I get the same error when notarizing the
dmg "The binary is not signed"

When trying to notarize the signed pkg via terminal I get the error:
"unable to  notarize app"
"Upload succeeded but did not receive a RequestedUUID. Unable to upload your
app for notarization (-1018)"

I also tried to use the "Installer" certificate instead of the "Application"
certificate, but trying this with codesigning the package, I get the error
"this identitiy cannot be used"
(actually I don't know for what purposes you can use the Installer

Codesigning and notarizing the apps works fine ...

Perhaps I'll look for another packager and go testing with another packager.

Any other ideas?

-----Ursprüngliche Nachricht-----
Von: use-livecode <use-livecode-bounces at> Im Auftrag von
matthias rebbe via use-livecode
Gesendet: Dienstag, 4. Mai 2021 10:34
An: How to use LiveCode <use-livecode at>
Cc: matthias_livecode_150811 at
Betreff: Re: notarizing DMG fails

Hi Tiemo,

but you did not create a .pkg from the a notarized app, did you?

You have to create and code sign a .pkg from the code signed, but not
notarized, .app  and then you have to notarize only the .pkg or the code
signed .dmg, if you want to distribute as .dmg.
So the steps are

1. code sign your .app - do not notarize it!
2. create a .pkg from the .app and code sign it 3. if you want to distribute
as dmg, create .dmg with the .pkg and code sign the .dmg 4. notarize the
.pkg (or the .dmg)

The staple process then writes the needed information to the .dmg, to the
containing .pkg and the .app.

If these are the steps you've done already, then could you please try the
following using the helper stack

1. code sign .app
2. notarize the .app using the '.zip method'

Is this successful? Then the problem does not rely on your .app. 
In this case please repeat and code sign the .app using the helper stack and
use the .dmg method

Is this successful? If so, then also the .dmg is fine

Repeat now manually, as .pkg is not supported by the helper stack.

1. code sign .app
2. create .pkg
3. code sign .pkg
4. notarize .pkg

Is this successful?



Matthias Rebbe
Life Is Too Short For Boring Code

> Am 04.05.2021 um 09:47 schrieb Tiemo via use-livecode
<use-livecode at>:
> Hello,
> I have signed and notarized several apps with Matthias tool - 
> successful
> Then I packaged theses apps with Packages and signed the package via 
> terminal - successful
> Then I  put the pkg into a dmg via DMG canvas and signed the dmg via 
> terminal - successful
> Then I uploaded the dmg for notarization via terminal. The upload was 
> successful, but the email from apple told me, that the upload was not 
> notarized and the logfile tells me:
> Severity: Error
> Path: "DGSlern_Update_1.0.0.4.dmg/DGS Lernprogramm Update .pkg"
> Message: The binary is not signed
> This is a bit irritating. Has anybody anytime encountered such 
> conflicting messages?
> Any idea, where to look for?
> Thanks
> Tiemo
> _______________________________________________
> use-livecode mailing list
> use-livecode at
> Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:

use-livecode mailing list
use-livecode at
Please visit this url to subscribe, unsubscribe and manage your subscription

More information about the use-livecode mailing list