I have a Mac app which I have signed using the 'productsign' command from the terminal
productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg
productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg
I then ran the assess command
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: accepted
I also checked the signature
pkgutil --check-signature InstallerSigned.pkg
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
Certificate Chain:
1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
2. Apple Worldwide Developer Relations Certification Authority
3. Apple Root CA
When I run the installer from my machine (with Gatekeeper set to "Mac App store and identified developers") it runs fine. It also installed properly when I downloaded the same pkg after I deployed it to my website.
But... when I download the pkg in another machine it fails to install. It does not recognize my developer ID. When I run the spctl command on the failed machine, I get
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: rejected
Does anyone know why this it runs fine on my own machine but fails when the pkg runs on another machine? I am all out of ideas really :/
EDIT:
This is what I get when
spctl --list --type execute
3[Apple System] P0 allow execute
anchor apple
4[Mac App Store] P0 allow execute
anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]