Code signed Mac app broken after downloading

Question

I'm attempting to sign a Mac application using the command line, I have a script which worked well in Mountain Lion but no longer appears to work in Mavericks.

All appears to work well and running the following after signing produces the expected output:

> spctl -a -vvvv Name.app
Name.app: accepted
source=Developer ID
origin=Developer ID Application: Name, Inc (HA44SZ69G3)

I then zip the .app, upload to Amazon S3, download and unzip and run the same command - the output is:

spctl -a -vvvv Name.app
Name.app: rejected
source=no usable signature

Answer 1

A bit late to the party, anyway my solution was to use tar instead of zip, like this:

tar -czf ../my-app.tar.gz my-app.app

Signature and notarization are preserved after compressing and uncompressing the file.

Answer 2

Are you creating and/or expanding the zip archive using OS X's command line tools? They do not properly preserve and restore OS X's complex filesystem metadata, so the restored app will not be the same as the one you signed. If you need to create a metadata-preserving zip archive at the command line, use:

ditto -c -k --sequesterRsrc --keepParent src_directory archive.zip

(see this previous question). To expand it and reattach the metadata, use:

ditto -x -k archive.zip dst_directory