Mountain Lion Signing packages

The intention of this blog is to guide you through signing of the packages(pkg) or installer for Mac OS X 10.8 (Mountain Lion). There are different ways to make installer for Macintosh and one of the most preferred way is to use PackageMaker. PackageMaker is an application released by Apple for making installer. It’s pretty easy to do basic things with PackageMaker but customized things aren’t very easy to do. The problem being there is very little useful documentation from Apple.

Coming back to task at hand, We need to sign our package using Apple’s Developer ID Installer Certificate for the Gatekeeper to allow the installer to run. There are two simple steps.

Step 1: Create a normal (unsigned) installer using either the UI or the command-line version of PackageMaker

Step 2: Use productsign to sign the Package

Usage: productsign [options] –sign identity input-product-path output-product-path

This would work as long as the installer is of PKG format (flat). Signing of MPKG format is not supported.

Properly Signed Installer

Properly Signed Installer

Avoid using any of these methods.

1. Signing the Package using PackageMaker’s UI

2. Signing the Package using PackageMaker’s command line tool

Incorrectly signed installer

Incorrectly signed installer

If you compare the incorrectly signed installer image with the correctly signed installer image, you would find one difference. Incorrectly signed installer does not have Developer ID Certification Authority certificate. Without this certificate the Gatekeeper cannot verify the signed installer and hence rejects it. The problem is with PackageMaker, it doesn’t add the Developer ID Certification Authority certificate while signing the installer.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s