I am building my app and signing with a valid code signing certificate (Developer ID Application...) via:
codesign --force --verify --verbose --sign "Developer ID Application:..." <binary>
My .app/Contents/MacOS folder has a natively compiled binary that I execute from within the cocoa app. I'm also signing this binary using the same codesign command.
When I try to verify the signature of the different components using 'spctl' I get this for my main cocoa app:
accepted
source=Developer ID
origin=Developer ID Application: <redacted> Inc. (<redacted>)
When I run the same on the secondary binary I get:
rejected (the code is valid but does not seem to be an app)
origin=Developer ID Application: <redacted> Inc. (<redacted>)
I can't find anything via google today on the string 'the code is valid but does not seem to be an app'.
I'm not sure what to infer from that statement or how to proceed. Any help?
