Question

I'm struggling with signing my installer to keep Gatekeeper happy.

When building, I sign the .pkg:

productsign --sign "3rd Party Mac Developer Installer: GNXXXXXXXXXX (XXXXXXXXXXX)" UnsignedJaXXXXXXXXXX0.5.pkg JaXXXXXXXXXXt0.5.pkg

using this certificate:

When checking with pkgutil I can see that the file is signed:

However, Gatekeeper is still not happy.

spctl gives this result:

What am I missing?

Update

spctl with verbose:

Solution

You're using a signing identity that can only be used for Mac App Store distribution. You cannot sign with that identity and test it on your own Mac before submitting it to the Mac App Store - it won't pass Gatekeeper validation.

If you want to create an installer for distribution outside the Mac App Store, you'll need to use a signing identity prefixed "Developer ID Installer".
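
One way to catch this before release, as an added example (not part of the original answer): the script reads `pkgutil --check-signature` output, takes the first certificate in the chain, and reports whether it is a "Developer ID Installer" identity. The sample output, `Example.pkg`, `Example Corp` and `TEAMID0000` are constructed placeholders, and the chain layout is an assumption about pkgutil's output format.

```shell
#!/usr/bin/env bash
# Added example: classify the leaf certificate of a signed .pkg before shipping.

# Print the name of entry "1." in the certificate chain printed by
# `pkgutil --check-signature` (read on stdin). Layout is an assumption.
leaf_identity() {
  sed -n 's/^[[:space:]]*1\.[[:space:]]*//p' | head -n 1
}

# Map a leaf certificate name to the distribution channel it is meant for.
classify_identity() {
  case "$1" in
    "Developer ID Installer:"*)            echo "outside-store" ;;
    "3rd Party Mac Developer Installer:"*) echo "mac-app-store-only" ;;
    "")                                    echo "unsigned-or-unparsed" ;;
    *)                                     echo "other" ;;
  esac
}

# Constructed sample resembling the question's package (placeholder names).
sample_store_pkg() {
  cat <<'EOF'
Package "Example.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. 3rd Party Mac Developer Installer: Example Corp (TEAMID0000)
    2. Apple Worldwide Developer Relations Certification Authority
    3. Apple Root CA
EOF
}

# Print the classification; succeed only for an outside-store identity.
check_pkg_output() {
  kind=$(classify_identity "$(leaf_identity)")
  echo "$kind"
  [ "$kind" = "outside-store" ]
}

# On a Mac, pass a package path: check the identity, then ask Gatekeeper.
if [ -n "${1:-}" ] && command -v pkgutil >/dev/null 2>&1; then
  pkgutil --check-signature "$1" | check_pkg_output \
    && spctl --assess --type install -vv "$1"
fi
```

Run it in a release pipeline so a package signed with the store-only identity fails the build instead of failing on a user's machine.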

OTHER TIPS

As jksoegaard said, you need to use a signing key prefixed with Developer ID Installer.

If you're using an organizational Apple Developer account, you may need your account owner to create it. (Current docs suggest any admin can, but I have not found that to be the case.)

As of today, this option is titled "Developer ID Application" and is the last one you can select.

Licensed under: CC-BY-SA with attribution
Not affiliated with apple.stackexchange