Clever Geek Handbook

Mac App Installer Subscriber Confusion

I'm having a hard time figuring out how to package a Mac app into an installer ( .pkg

) and sign it for distribution outside of the App Store (for example, on my own website).

Xcode 6 The Organizer / Archives window provides four options for exporting an archive of Mac applications:

  • Export app signed with developer ID - Signature identification: developer ID: (<10 digit hex number>)

  • Save for Mac App Store Deployment . - Identity Signature: Third Party Mac Developer App (<10 digit hex number>)

  • Export as Mac Installer Package Signature Identification: Third Party Mac Developer Application (<10-digit hex number>)

  • Export as Mac app - (tips to save location right away)

Note that the option other than exporting the installer package does not use the third-party Mac Installer ID "(which certificate I also have in my keychain), but the third-party Mac Application . Why is this? It is possible that the application contained here is being signed. in the installer and I still need to sign the package itself? (By the way, I tried this, but after sending the pkg to myself via email, but when double clicked, it gives the horrible message "cannot be opened due to unknown developer warning"

Apple's documentation is a bit accurate, covers a lot of ground (signing packages, executables, frameworks, etc.) and seems to be centered around command line tools codesign

and productsign

; the same can be said for the related questions here at SO So what is the purpose of the Organizer Exporter Option # 3 above? Can i use it? Should I create the package using the command line or can I use this Xcode / GUI tool and just sign the exported one .pkg

? (assuming using command line).

Why can't Xcode "just run" and package / sign the app / package in one go? My installer doesn't require any fancy logic or contains any supporting files / directory structures; it's just a "wrapper" around mine .app

.

ADDITION: I tried instead to export a package .app

from Organizer signed as a "developer id app" (option # 1 above), package it with the old PackageMaker.app package, and sign it using the command line. But I still get the "Unknown developer" error and I can't open the installer after quarantine.

+3


source to share


1 answer


Stupid; I used the dummy certificate name "3rd Party Mac Developer Installer: (My Name)" instead of "Developer ID Installer: (My Name)".

Quick test using:

spctl --assess --type install <packagename>.pkg

gives:

<packagename>.pkg: rejected



... that means the package was not properly signed to work as an installer, I guess.

After correcting the username and signing the file .pkg

(created with PackageMaker or Xcode) using:

productsign --sign "Developer ID Installer <MyName>" ./Unsigned.pkg ./Signed.pkg

the command spctl

runs silently (no feedback - success?) and if I email the received packages to myself and download them (quarantine), the installers will launch and install the application without issue.

EDIT: I'll wait a few days before accepting my own answer, in case someone shares more knowledge.

+1


source






More articles:


All Articles