We should staple notarization to the .app and not the .zip

src/Squirrel.CommandLine/OSX/Commands.cs

@@ -129,6 +129,8 @@ private static void Pack(PackOptions options)
                 HelperExe.CodeSign(options.signAppIdentity, options.signEntitlements, appBundlePath);
                 HelperExe.CreateDittoZip(appBundlePath, zipPath);
                 HelperExe.Notarize(zipPath, options.notaryProfile);
+                HelperExe.Staple(appBundlePath);
+                File.Delete(zipPath);
             } else if (SquirrelRuntimeInfo.IsOSX && !String.IsNullOrEmpty(options.signAppIdentity)) {
                 HelperExe.CodeSign(options.signAppIdentity, options.signEntitlements, appBundlePath);
                 Log.Warn("Package was signed but will not be notarized or verified. Must supply the --notaryProfile option.");
@@ -177,6 +179,7 @@ private static void Pack(PackOptions options)
                 HelperExe.CreateInstallerPkg(appBundlePath, pkgPath, options.signInstallIdentity);
                 if (!String.IsNullOrEmpty(options.signInstallIdentity) && !String.IsNullOrEmpty(options.notaryProfile)) {
                     HelperExe.Notarize(pkgPath, options.notaryProfile);
+                    HelperExe.Staple(pkgPath);
                 } else {
                     Log.Warn("Package installer (.pkg) will not be Notarized. " +
                              "This is supported with the --signInstallIdentity and --notaryProfile arguments.");

src/Squirrel.CommandLine/OSX/HelperExe.cs

@@ -156,7 +156,11 @@ public static void Notarize(string filePath, string keychainProfileName)
             }
 
             Log.Info("Notarization completed successfully");
-
+        }
+
+        [SupportedOSPlatform("osx")]
+        public static void Staple(string filePath)
+        {
             Log.Info($"Stapling Notarization to '{filePath}'");
             Console.WriteLine(InvokeAndThrowIfNonZero("xcrun", new[] { "stapler", "staple", filePath }, null));
         }