Notarization of MacOS dmg file install4j v10.0.9

Question

We are notarizing our app (.dmg) for the first time. We updgraded install4j to version 10.0.9 to comply with the notarytool. I have valid Developer id and certificate to codesign and notarize the app. However, notarization is failing with below logs.

{
  "logFormatVersion": 1,
  "jobId": "1c59a34c-a2b3-4dc1-8980-43877411b97d",
  "status": "Invalid",
  "statusSummary": "Archive contains critical validation errors",
  "statusCode": 4000,
  "archiveFilename": "pipes_installer.dmg",
  "uploadDate": "2024-11-13T18:05:08.938Z",
  "sha256": "11c2189082f0a0785f186065358483e92babcc45668fa735d529a6dd190a1be7",
  "ticketContents": null,
  "issues": [
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/libtospdif_plugin.dylib",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/libtospdif_plugin.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/libddummy_plugin.dylib",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/libddummy_plugin.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/libtaglib_plugin.dylib",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/libtaglib_plugin.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/liblibass_plugin.dylib",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/libvlc_mac.jar/plugins/liblibass_plugin.dylib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    }, .........
.
.
.
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/native-sso.jar/sso/mac.zip/Contents/MacOS/nppipes",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "i386"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/native-sso.jar/sso/mac.zip/Contents/MacOS/nppipes",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "i386"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/native-sso.jar/sso/mac.zip/Contents/MacOS/nppipes",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/native-sso.jar/sso/mac.zip/Contents/MacOS/nppipes",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/jna-5.7.0.jar/com/sun/jna/darwin/libjnidispatch.jnilib",
      "message": "The binary is not signed.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/jna-5.7.0.jar/com/sun/jna/darwin/libjnidispatch.jnilib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "x86_64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/jna-5.7.0.jar/com/sun/jna/darwin/libjnidispatch.jnilib",
      "message": "The binary is not signed with a valid Developer ID certificate.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721",
      "architecture": "arm64"
    },
    {
      "severity": "error",
      "code": null,
      "path": "pipes_installer.dmg/pipes Installer.app/Contents/Resources/app/0.dat/updates.zip/jars/jna-5.7.0.jar/com/sun/jna/darwin/libjnidispatch.jnilib",
      "message": "The signature does not include a secure timestamp.",
      "docUrl": "https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087733",
      "architecture": "arm64"
    }
  ]
}

I have looked at Signing and notarizing install4j macOs dmg. But that did not resolve my issue. enter image description here

Answer 1

You have various JAR files containing binaries that are not signed automatically by install4j.

On the General Settings->Code Signing step, edit the "JAR files to be scanned for binaries" setting and add the entries

libvlc_mac*
native-sso*
jna-*

Then it should work.