The intention of this blog is to guide you through signing packages (pkg) or installers for Mac OS X 10.8 (Mountain Lion). There are different ways to make an installer for the Macintosh, and one of the most preferred ways is to use PackageMaker. PackageMaker is an application released by Apple for making installers. It’s pretty easy to do basic things with PackageMaker, but customized things aren’t very easy to do. The problem is that there is very little useful documentation from Apple.
Coming back to the task at hand, we need to sign our package using Apple’s Developer ID Installer certificate so that Gatekeeper allows the installer to run. There are two simple steps.
Step 1: Create a normal (unsigned) installer using either the UI or the command-line version of PackageMaker
Step 2: Use productsign to sign the Package
Usage: productsign [options] --sign identity input-product-path output-product-path
This would work as long as the installer is of PKG format (flat). Signing of MPKG format is not supported.
Avoid using any of these methods.
1. Signing the Package using PackageMaker’s UI
2. Signing the Package using PackageMaker’s command line tool
If you compare the incorrectly signed installer image with the correctly signed installer image, you will find one difference: the incorrectly signed installer does not have the Developer ID Certification Authority certificate. Without this certificate, Gatekeeper cannot verify the signed installer and hence rejects it. The problem is with PackageMaker: it doesn’t add the Developer ID Certification Authority certificate while signing the installer.
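The comparison described above can be scripted. This is an added example, not code from the original post: it signs with productsign and then checks the certificate chain reported by `pkgutil --check-signature` (a tool the post does not name) for the intermediate certificate. The function names, the identity "Example Corp", the file names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a signed flat package embeds the intermediate
# certificate that Gatekeeper needs to build the trust chain.

INTERMEDIATE="Developer ID Certification Authority"

# Reads `pkgutil --check-signature` output on stdin.
# Returns 0 if a numbered chain entry is exactly the intermediate, 1 otherwise.
chain_has_intermediate() {
    in_chain=0
    while IFS= read -r line; do
        case "$line" in
            *"Certificate Chain:"*) in_chain=1 ;;
            *[0-9].\ "$INTERMEDIATE") [ "$in_chain" -eq 1 ] && return 0 ;;
        esac
    done
    return 1
}

# macOS only: sign a flat .pkg with productsign, then verify the chain.
# $1 = signing identity, $2 = unsigned package, $3 = signed output path
# Returns 2 if signing fails, 1 if the intermediate is missing, 0 if present.
sign_and_check() {
    productsign --sign "$1" "$2" "$3" || return 2
    pkgutil --check-signature "$3" | chain_has_intermediate
}

# Constructed sample: chain of a package signed with productsign.
GOOD_SAMPLE='Package "Example-signed.pkg":
   Status: <constructed placeholder>
   Certificate Chain:
    1. Developer ID Installer: Example Corp
       SHA1 fingerprint: <constructed placeholder>
    2. Developer ID Certification Authority
       SHA1 fingerprint: <constructed placeholder>
    3. Apple Root CA
       SHA1 fingerprint: <constructed placeholder>'

# Constructed sample: chain with only the leaf certificate, as the post
# describes for a package signed by PackageMaker.
BAD_SAMPLE='Package "Example-packagemaker.pkg":
   Status: <constructed placeholder>
   Certificate Chain:
    1. Developer ID Installer: Example Corp
       SHA1 fingerprint: <constructed placeholder>'
```

On a Mac, calling `sign_and_check "Developer ID Installer: Example Corp" Example.pkg Example-signed.pkg` with your own identity and paths returns 0 only when the signed package carries the intermediate certificate.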