We code-sign all executables, the .app and then the final installer (pkg). It works on previous macOS versions, but sadly, users on macOS Catalina get the message that the package is from an unidentified developer. I tried to find out what's going on and used pkgutil and spctl on Catalina. This is the result:
But sadly, Gatekeeper says it does not like it and rejects it:
Any idea what might be wrong here? The certificate is good until 2022 and no errors during signing.
I don't want to tell users to right-click and "open" the setup from Finder. I also do not want them to turn off Gatekeeper. These are workarounds only, but is there a chance to sign it in a way that is accepted by macOS Catalina? Or how can I find out why it rejects it?
The reason was the missing notarization. After notarization, the issues were solved.