Recent changes to Xcode seem to have all builds including an Archive disabling the timestamp (--timestamp=none) when singing an application. It is expected that one use the Organizer and Export the application from there choosing "Export a Developer ID-signed Application". Problem is that when I do so spctl (and Gatekeeper) reject the application:
# spctl -a -t exec -vv <hidden>.app
<hidden>.app: rejected
origin=Developer ID Application: <hidden> INC
It gives no reason. And codesign seems to believe there is no problem:
# codesign --verify --strict --verbose <hidden>.app
<hidden>.app: valid on disk
<hidden>.app: satisfies its Designated Requirement
My application is rather complex; however, previous to Xcode 8? when this all changed my application was being signed correctly during the Archive step. I can find no information about why spctl rejected the app.
Is there any way to get additional information why it is failing?
Is there a way to force the Archive step to once again sign my app and include a timestamp?