My signed .pkg file is not accepted
-
14-04-2021 - |
Question
I'm struggling with signing my installer to keep Gatekeeper happy.
When building i sign the .pkg:
productsign --sign "3rd Party Mac Developer Installer: GNXXXXXXXXXX (XXXXXXXXXXX)" UnsignedJaXXXXXXXXXX0.5.pkg JaXXXXXXXXXXt0.5.pkg
using this certificate:
When checking with pkgutil I can see that the file is signed:
However still Gatekeeper is not happy.
spctl gives this result:
What am I missing?
Update
spctl with verbose:
Solution
You're using a signing identity that can only be used for Mac App Store distribution. You cannot sign with that identity and test it on your own Mac before submitting it to the Mac App Store - it won't pass GateKeeper validation.
If you want to create an installer for distribution outside the Mac App Store, you'll need to use a signing identity prefixed "Developer ID Installer".
OTHER TIPS
As jksoegaard said, you need to use a signing key prefixed with Developer ID Installer
.
If you're using an organizational apple developer account, you may need your account owner to create it. (Current docs suggest any admin can, but I have not found that to be the case)
As of today, this option is titled "Developer ID Application" and is the last one you can select.