Developer ID Gotcha
So, my recommended fix either to use Xcode 4.3 to build your app, or mimic Xcode 4.3′s code signing behavior by stealing its codesign arguments (look in the build log after building on 4.3) and applying them verbatim in your build process.
If you need your application to work on older versions of OS X, you need to take care. By default, codesign will sign your application using a designated requirement that is built into the system. The default is controlled by the system that you are performing verification on, not the system that you’re signing on.
Update (2012-03-24): Ben Artin:
Where we run into problems is that the designated requirement embedded inside an application signed by Xcode 4.3 using an Apple Developer ID (which is required to support Gatekeeper in Mac OS X 10.8 Mountain Lion) is too complex for Mac OS X 10.5.x to understand. As a result, a Gatekeeper-enabled app running on Mac OS X 10.5.x always seems to be an impostor, which results in a variety of problems (such as the user always being prompted to allow the app to use passwords stored in the keychain, instead of being prompted only the first time — exactly the problem we ran into with Fetch 5.7.1).
He seems to have a better solution than Jalkut.
