alt Hacker NewsTheres two different steps, there is signing and there is notarization. You sign with the developer certificate using productsign/codesign, and then there is notarization, which you use notarytool to submit your signed binaray to apple to notarize.
finally you then take their response and staple it to your binary. Its a lot of steps.
Yup I do the first two - https://github.com/zig-for/snfm/blob/main/.github/workflows/...
The documentation implies the last step is optional https://developer.apple.com/documentation/security/customizi... but it might be inaccurate