1

I am trying to produce a code-signed installer package for distribution outside the Mac Store. My keychain contains the 5 certificates you get when joining the Apple Developer program yesterday. I have to use the command line "codesign" tool to do this. This requires great craft because codesign's default mechanism for hooking up with the correct certificate does not discriminate between certificates with similar "common names"--that they all begin with "3rd Party Mac Developer" creates confusion for codesign's default setting. There are ways to deal with this, however, if you study the documentation (codesign's man page and Apple's technical document, "Code Signing"). When I follow the various instructions carefully my attempt still fails. Here's my terminal command line input (note that my certificate id is X-ed out):

codesign -s "3rd Party Mac Developer Installer: Antony Nispel (XXXXXXXXXX)" -v /Users/antonywallacenispel/Desktop/SpellAware
_1.0/SpellAwareDistributionPackageStuff/SpellAware 

Here is the result:

3rd Party Mac Developer Installer: Antony Nispel (XXXXXXXXXX): this identity cannot be used for signing code

And when I try the more restrictive request:

codesign -s -i "3rd Party Mac Developer Installer: Antony Nispel (XXXXXXXXXX)" -v /Users/antonywallacenispel/Desktop/SpellAware_1.0/SpellAwareDistributionPackageStuff/SpellAware 

I get the following response:

-i: no identity found 

I assure you that my "identity" (the comon name of my installer certificate) is correct.

I would appreciate any help.

Antony
  • 187
  • 4
  • 15

1 Answers1

2

The "Developer ID Installer" certificate is what you would use if not submitting to the AppStore.

Certificates Matter

These are the certificates you will need to use together for codesigning:

  • Developer ID Installer

  • Developer ID Application

    • 3rd Party Mac Developer Installer (usually only used for the AppStore apps).

Apple Developer Codesigning Workflow Guide

In short, you have codesign your installer in a specific order with the correct codesigning certificate. I answered a similar question previously here.

Community
  • 1
  • 1
l'L'l
  • 44,951
  • 10
  • 95
  • 146
  • Thanks for information. I also received a similar correction from someone at the Mac Forum. One small question remains is whether I use 'codesign' or 'productsign' on the installer package. Anyway, I'll try both shortly. – Antony Feb 21 '14 at 23:19
  • For installer packages the docs imply `productsign` is the one to use. man productsign reads `productsign adds a digital signature to a product archive previously created with productbuild(1).` Here's a link i found to some [helpful additional info](http://s.sudre.free.fr/Stuff/Installer/Unreleased_Notes/10.8_Gatekeeper.html). – l'L'l Feb 22 '14 at 17:32
  • Just wanted to know y didnt the certificate signed the app as mentioned in the question, the certificate was meant for app store so an app store dmg must be created, "however i agree that for distributing outside the store Developer Id certificates must be used". What special should i do if i want to create for app store? – Swati Jun 20 '17 at 09:48