Notarization seems to succeed but installer has issues

It seems like something changed in the notarization in the last few days. I'm running the same build script that creates and notarize a DMG that contains a PKG with 4 plugins. Everything is signed correctly. No error anywhere in the notarization process.

Checking the status of the notarization, I get this:

Status: success
Status Code: 0
Status Message: Package Approved

Stapling returns this:

The staple and validate action worked!

Yet, if I check the PKG inside with this command:

spctl -a -vvv -t install 

I get this output:

.pkg: rejected
source=Unnotarized Developer ID
origin=Developer ID Installer: My Company

This project was perfectly working a few weeks ago, and we have not changed a thing. Checking the notarization log, the only issue I see is this:

"issues": [
    {
      "severity": "warning",
      "code": null,
      "path": "Archive.dmg/Installer.pkg",
      "message": "This archive is corrupt, and cannot be unpacked for analysis.",
      "docUrl": null,
      "architecture": null
    }
  ]

But this warning is also present in past DMG/PKG thatare notarized and work as they should. Another difference from previous logs is that I can only see one item in ticketContents, which is the DMG, while previously I could see two, both the DMG and the PKG.

Same problem.

Notarization seems to succeed but installer has issues
 
 
Q