Uploading a signed, notarized macOS .app via butler results in ".app is damaged" message, whereas uploading a zip manually doesn't

[SFBTom]

My app 'ChipTone' is signed and notarized with the official Apple process, so that everyone can use it without complaints from Gatekeeper. The resulting .app file works correctly on any mac I throw it at - it opens without issue.

However, when I use the butler push command to upload the .app file to itch for distribution, the resulting .zip file when downloading and extracted produces a version of the .app that shows the ".app is damaged" message and refuses to open.

For now, I've found that compressing the .app into a zip myself and uploading that via the "Edit project" page results in a .zip file that when downloaded and extracted, gives the working version of the .app. However, this is unfortunate, as I'm unable to use a version number, or automate it as part of my build process (as far as I know...)

I'm not sure what butler is doing to modify the contents of the .app in such a way that the existing signing/notarization is no longer valid, or if that's even what's happening? If it is doing something of that sort though, would it be possible to add an option to turn that off in cases like this?

Here are the two zips, one created by butler, one created manually by me/macOS:

https://www.dropbox.com/s/dsdi2cdmk9xnn49/chiptone-mac-butler.zip?dl=0 https://www.dropbox.com/s/rfrfqcfwwzqc68h/chiptone-mac-manual.zip?dl=0

[ricardocostaza]

@SFBTom check if your app is being quarantined by Gatekeeper by running this command: xattr ChipTone.app

I've found out that distributing DMGs work the best - plus Mac users are very familiarized to the classic DMG containing the .app and a shortcut to the Applications folder. This also make it less likely Gatekeeper quarantining the file.