Reading the Apple docs about notarization it is not clear if we need to notarize binaries (for example a launch daemon), frameworks or dylibs.
Do we need to also notarize these?
The Apple docs can be found here: Notarizing Your App Before Distribution
Answering my own question here, maybe it helps someone.
This can be done automatically by Xcode; however, if you need to manually configure this (maybe you have Continuous Integration, or w/e) this might help.
Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components.
If there are no issues, the notary service generates a ticket for you to staple to your software.
Notarization will be required for binaries, frameworks, dylibs and apps in future macOS releases.
1. Add --timestamp to Other Code Signing Flags in Build Settings for each target that produces a binary, framework, dylib or app.
2. Add --options=runtime to Other Code Signing Flags (for Xcode < 10.2) or Enable Hardened Runtime (for Xcode >= 10.2) in Build Settings.
3. Submit the build for notarization:
       xcrun altool --notarize-app -f <path_to_zip_dmg_or_pkg> --primary-bundle-id <bundle_identifier> -u <apple_id> -p @keychain:"Application Loader: <apple_id>"
   ---> this returns a UUID, which will also be sent to the mail address for the provided <apple_id> after the notarization is done.
4. Check the result:
       xcrun altool --notarization-info <UUID_from_previous_step> -u <apple_id> -p @keychain:"Application Loader: <apple_id>"
5. curl LogFileURL, where LogFileURL is returned in the json response of the previous command.
6. xcrun stapler staple -v <path_to_app_dmg_or_pkg>; only app, dmg and pkg can be stapled.
7. codesign -dvvv <path_to_file> to check if codesigning is done, also check the timestamp values.
8. spctl -a -v <path_to_file> to check if stapling is valid.
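The steps in the answer above, strung together as one CI-friendly shell script. This is an added example, not code from the answer or from Apple. It assumes the default text output of xcrun altool (a "RequestUUID = <uuid>" line after upload, and "Status:" / "LogFileURL:" lines from --notarization-info); the SAMPLE_* strings are constructed for offline testing, not captured from Apple's service. Note that Apple later replaced altool's notarization commands with notarytool (Xcode 13 onwards); the script keeps the altool commands the answer uses.

```shell
#!/bin/sh
# Added example (not from the answer above): drives submit -> poll -> log -> staple -> verify.
# Assumption: 'xcrun altool --notarize-app' prints "RequestUUID = <uuid>" and
# '--notarization-info' prints "Status: <value>" and "LogFileURL: <url>" lines.
# The SAMPLE_* strings below are constructed for offline testing of the parsers.

SAMPLE_SUBMIT_OUTPUT='No errors uploading MyApp.zip.
RequestUUID = 2EFE2717-52EF-43A5-96DC-0797E4CA1041'

SAMPLE_INFO_OUTPUT='    LogFileURL: https://example.invalid/notarization-log.json
   RequestUUID: 2EFE2717-52EF-43A5-96DC-0797E4CA1041
        Status: success
   Status Code: 0
Status Message: Package Approved'

# Extract the request UUID (8-4-4-4-12 hex groups) from the upload output read on stdin.
extract_request_uuid() {
    sed -n 's/^.*RequestUUID[ =:]*\([0-9A-Fa-f-]\{36\}\).*$/\1/p' | head -n 1
}

# Extract the Status field ("in progress", "success" or "invalid"). The "Status Code:"
# and "Status Message:" lines do not match because of the colon right after "Status".
extract_status() {
    sed -n 's/^[[:space:]]*Status:[[:space:]]*\(.*\)$/\1/p' | head -n 1
}

# Extract the LogFileURL; the log names every binary that was rejected and why.
extract_log_url() {
    sed -n 's/^[[:space:]]*LogFileURL:[[:space:]]*\(.*\)$/\1/p' | head -n 1
}

# Only .app, .dmg and .pkg can receive a stapled ticket; the .zip you upload cannot.
staplable() {
    case "$1" in
        *.app|*.dmg|*.pkg) return 0 ;;
        *) return 1 ;;
    esac
}

# Gatekeeper assessment: installer packages are assessed with -t install, the rest as execute.
assess() {
    case "$1" in
        *.pkg) spctl -a -v -t install "$1" ;;
        *)     spctl -a -v "$1" ;;
    esac
}

# $1 upload (.zip/.dmg/.pkg), $2 primary bundle id, $3 Apple ID, $4 artifact to staple and verify.
notarize_and_staple() {
    upload="$1"; bundle_id="$2"; apple_id="$3"; artifact="$4"
    keychain_item="@keychain:Application Loader: $apple_id"

    uuid=$(xcrun altool --notarize-app -f "$upload" --primary-bundle-id "$bundle_id" \
               -u "$apple_id" -p "$keychain_item" 2>&1 | extract_request_uuid)
    [ -n "$uuid" ] || { echo "no RequestUUID in altool output" >&2; return 1; }
    echo "RequestUUID: $uuid"

    # Poll until Apple reaches a verdict; "in progress" means keep waiting.
    while :; do
        info=$(xcrun altool --notarization-info "$uuid" -u "$apple_id" -p "$keychain_item" 2>&1)
        status=$(printf '%s\n' "$info" | extract_status)
        echo "status: ${status:-unknown}"
        case "$status" in success|invalid) break ;; esac
        sleep 30
    done

    # Fetch the log even on success: it carries warnings as well as hard errors.
    log_url=$(printf '%s\n' "$info" | extract_log_url)
    [ -n "$log_url" ] && curl -sS "$log_url"
    [ "$status" = "success" ] || return 1

    staplable "$artifact" && xcrun stapler staple -v "$artifact"
    codesign -dvvv "$artifact"   # confirm the Developer ID signature and the Timestamp= line
    assess "$artifact"           # expect "accepted" with source=Notarized Developer ID
}

# With four arguments run the real workflow; otherwise only exercise the parsers offline.
if [ "$#" -eq 4 ]; then
    notarize_and_staple "$@"
else
    printf '%s\n' "$SAMPLE_SUBMIT_OUTPUT" | extract_request_uuid
    printf '%s\n' "$SAMPLE_INFO_OUTPUT" | extract_status
fi
```

Run it as `./notarize.sh MyApp.zip com.example.myapp dev@example.com MyApp.app` on a machine with Xcode installed; without arguments it only parses the embedded sample output. Polling on the Status field rather than on a fixed sleep matters because the ticket is only valid once Apple reports success, and a rejected ("invalid") build should fail the pipeline before stapling is attempted.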