DMG cannot be opened because the identity of the developer is not identified even after sigining the DMG app stack overflow

Question

I am trying to codesign the DMG application even after the app is signed from apple developer certificate. I am getting error of "DMG cannot be opened because the identity of the developer is not identified" while opening the app from the Application

I tried to sign the complete dmg generated from the appdmg and codesign both the ways

"code-sign": {
  "signing-identity": "Developer ID Application: ******* (4B9GHJ9X43)"
}

Verifying dmg signing from spctl

spctl -a -t open --context context:primary-signature -v **M.dmg
***.dmg: accepted

codesign -v ****.dmg && echo SIGNED! SIGNED! source=Developer ID

Another approach tried is signing the dmg again after the signing the .app

codesign -f -vvvv --strict --deep -s "Developer ID Application: ******* (4B9GHJ9X43)" ****.app
appdmg ./*****.json ./****.dmg
codesign -f -vvvv --strict --deep -s "Developer ID Application: ******* (4B9GHJ9X43)" ****.dmg

But i am still getting the same error

Any pointers on this is highly appreciated

Answer 1

We need to sign all the folders of the Frameworks that we are using inside the app and any dylibs that we generating ***.app/Contents/MacOS

codesign -f -vvvv --strict --deep -s "Developer ID Application: Corporation (****)" ***.app/Contents/MacOS/libncursesw.5.dylib

codesign -f -vvvv --strict --deep -s "Developer ID Application: Corporation (****)" ***.app

This will give you the prompt of your application is downloaded from the Internet do you want to open it and a Open button if are not downloading the DMG from the App Store