diff --git a/.github/workflows/build-ddev.yml b/.github/workflows/build-ddev.yml
index aba0cfa53236c..e80b17c222258 100644
--- a/.github/workflows/build-ddev.yml
+++ b/.github/workflows/build-ddev.yml
@@ -447,6 +447,7 @@ jobs:
         cd ../notarize-bin
         for f in *; do
           rcodesign notary-submit -vv \
+          --wait \
           --api-key-path /tmp/app-store-connect.json \
           "$f"
         done
@@ -545,12 +546,25 @@ jobs:
 
     - name: Sign PKG
       run: >-
-        rcodesign sign -vv
+        rcodesign sign -vvv
         --pem-source /tmp/certificate-installer.pem
         --pem-source /tmp/private-key-installer.pem
         "staged/${{ steps.pkg.outputs.path }}"
         "signed/${{ steps.pkg.outputs.path }}"
 
+    - name: pkgutil check signature
+      run: >-
+        pkgutil --check-signature "signed/${{ steps.pkg.outputs.path }}"
+
+    - name: rcodesign print-signature-info
+      run: >-
+        rcodesign print-signature-info "signed/${{ steps.pkg.outputs.path }}"
+    # codesign thinks the pkg file isn't signed at all
+    # https://github.com/DataDog/integrations-core/actions/runs/14882554334/job/41794332393?pr=20234#step:28:15
+    # - name: check timestamp
+    #   run: >-
+    #     codesign -dvv "signed/${{ steps.pkg.outputs.path }}"
+
     - name: Notarize PKG
       run: >-
         rcodesign notary-submit