My C++ daemon for MacOSX is being successfully signed with productbuild:
productbuild: Wrote product to Installers/app.pkg-unsigned
productsign: signing product with identity "3rd Party Mac Developer Installer: myCompany" from keychain key.keychain
productsign: adding certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to Installers/app.pkg
The certificate I am using has been created by first creating an App ID for my daemon, then by requesting a Mac Installer Distribution certificate for the particular App ID.
I can verify that the .pkg is signed with pkgutil --check-signature app.pkg, both with the fresh package file AND with the same package uploaded on Google Drive and then re-downloaded to simulate the download from an exteral site. Both checks give me the following:
Package "app.pkg":
Status: signed by a developer certificate issued by Apple
Certificate Chain:
1. 3rd Party Mac Developer Installer: myCompany
SHA1 fingerprint: oh happy day
2. Apple Worldwide Developer Relations Certification Authority
SHA1 fingerprint: oh happy day
3. Apple Root CA
SHA1 fingerprint: oh happy day
However, when I try to start the installer Gatekeeper complains: Impossible to open "app.pkg" because it comes from an unidentified developer..
What am I doing wrong? Do I need a different certificate?
Thank you in advance.
Best Answer
Duplicated question: My signed .pkg file is not accepted
I was actually using a wrong certificate. I will try to confirm it before flagging this as the answer, but the question looks promising.