The signatures created by xcode dont include a timestamp. Deactivating any codesigning and doing it manually adds the timestamp just fine.
I have set code signing identity in producer to “Developer ID Application”
I have set my Development Team ID in producer correctly
I enabled hardened runtime
According to this page, the timestamp is only automatically added during archive or export:
By default, Xcode doesn’t include a secure timestamp as part of the app’s code signature during the build process. Instead, it adds a secure timestamp only during the archive (as of Xcode 10.2) and export workflows.
If you need a timestamp with every build, add this to your xcconfig or build settings:
OTHER_CODE_SIGN_FLAGS = --timestamp
For anyone else having this issue:
- I wrongly assumed that the timestamp was missing because apple notarization errors told me exactly that for multiple files, why did I trust Apple in the first place?
- creating a new packages project (using the exact same files) solved the issues for me, should probably switch to pkgbuild