Platforms: Ventura and Big Sur Steps to Reproduce: Create new application and installer CSRs with keypairs Generate new certificates in Apple web portal Repackage certificates as .p12 using exported private keys since they are not referenced in keychain app by default. Import certificates into MacOS Keychain Set certificate access to "Always Trust" for all certificate uses Sign binary fails using "codesign --force --sign " Sign installer package succeeds using "productsign --sign Additional Info: The private keys ware initially not recognized by the Keychain application resulting a certificate without a private key "leaf" beneath them. To resolve it I exported the private key and repackaged certificate as a .p12 file. Both certificates appear "good" when evaluated for code signing The installer certificate shows an intermediate and root while the application certificate does not Repackaging as .p12 with expected intermediate and root did not resolve the issue Installing all available intermediates and roots from Apple did not resolve the issue Signing a test app with XCode succeeds In production, we sign using CMake so we need to be able to sign code from the command line with codesign.

We have the need to pass in parameters to an installation package when installing it. In this case, it is an identifier used to validate that the installation should proceed. Is it possible with the MacOS installer executable? What is the Apple recommend way to do this?