1

I got an installer certificate from Apple, my installers are custom APPs (no pkg or something). Now if I run

productsign —sign "Developer ID Installer: xxxx" /DATA/Install/xxx.app /DATA/Install/xxx.app.sign

it just says this:

Usage: productsign [options] --sign <identity> <input-product-path> <output-product-path>

I thought it is buggy or something, but maybe it just doesn't like APP files. Any ideas?

mrzacek mrzacek
  • 308
  • 2
  • 12

1 Answers1

0

As the documentation states for productsign:

productsign adds a digital signature to a product archive previously created with productbuild

So your input should not be the application bundle, but rather the archive package which you first create with productbuild.

Note that you can sign the product archive directly from productbuild with the --sign option

Just to complicate things further(!), it's possible to use pkgbuild to create an archive and sign with that, but if I recall correctly, you must use productbuild if you're deploying via the App Store.

As I understand it, if your product contains multiple components, they can each be archived with pkgbuild, then bundled together into a single archive with productbuild via the use of a distribution file, which can be created with productbuild and the option --synthesize

For more detail, the top answer to this question details the steps required to make a distributable package.

Community
  • 1
  • 1
TheDarkKnight
  • 27,181
  • 6
  • 55
  • 85
  • The problem is this is a custom crossplatform installer, so it really needs to be APP. Isn't there another way? It seems ridiculous not to allow custom apps as installers. But wouldn't be that surprising with Apple... – mrzacek mrzacek Mar 17 '16 at 16:03
  • If it's just an app bundle, then what's wrong with [codesign](https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/codesign.1.html) and a standard Developer ID certificate? – TheDarkKnight Mar 17 '16 at 16:14
  • Hmm, I actually didn't try :). Apple spreads everywhere that for installers one needs to use an installer certificate, so I don't really know. I'll try. – mrzacek mrzacek Mar 23 '16 at 19:35
  • *one needs to use an installer certificate* - Unfortunately, [few installers are signed](https://medium.com/@DubiousMind/a-sign-of-the-times-f06314ef92cf#.cbe0hxoe2) – TheDarkKnight Mar 24 '16 at 09:03
  • $PACKAGEMAKER --doc $PMDOC --version $APPVERSION --out $TMPDIR$MAC${!BNAME}.pkg --scripts $SCRIPTSPATH${!BNAME} productsign --sign "Developer ID Installer: Name" $TMPDIR$MAC${!BNAME}.pkg $BUILDDEST${!BNAME}.pkg echo ${!BNAME} made!! – Vikram Sinha Sep 21 '18 at 12:27