Create installer package .pkg

Code Signing General
Reuven8e14 OP
Created Apr ’20
Replies 1
Boosts 0
Views 6.0k
Participants 2

Hi,


I need to create an instaler package .pkg.
I have read cerfuly the post Signing a Mac Product For Distribution, however i miss some pices:

  • On Build an Installer Package section you say "depending on your distribution channel” what are the options and do that influent the needed certificate?
  • Currently I see that the only available certificate is "3rd Party Mac Developer Installer:” do we need to create "Developer ID Installer:” (in all documentations that I have read all are talking on the "Developer ID Installer:”, what is the deference?
  • When using productbuild command with —sign we do not need to use productsign command?
  • Using the codesign command with the flags --timestamp --options=runtime, in that case do we still ned entitlements attached for the timestamp and for the hardening?

I there any totorial / example of how to create .pkg (this packege is to hold and use a .kext kernal extension) using xcode 11.x commandline tools that will load on macOS Catalina?


Thanks a lot,

Reuven

Replies  1
Boosts  0
Views  6.0k
Participants  2
DTS Engineer OP
Apple
Apr ’20

On Build an Installer Package section you say "depending on your distribution channel” what are the options

There are two channels for Mac product distribution:

  • On the Mac App Store

  • Independently, using Developer ID

and do that influent the needed certificate?

Yes. The Build an Installer Package section of Signing a Mac Product For Distribution lists the specific signing identities to use in each case.

Currently I see that the only available certificate is "3rd Party Mac Developer Installer:” do we need to create "Developer ID Installer:”

Yes.

When using 

productbuild
command with 
--sign
we do not need to use 
productsign
command?

Correct.

Using the 

codesign
command with the flags 
--timestamp --options=runtime
, in that case do we still need entitlements attached for the timestamp and for the hardening?

Entitlements are different from either the secure timestamp or the hardened runtime flag. All Developer ID signed items need a secure timestamp. The hardened runtime flag is needed by all main executables (per the definition in Signing a Mac Product For Distribution). Entitlements are only necessary… well… when they’re necessary. It’s hard to say when that is; it depends on what APIs your product uses and how it uses them.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
2
Create installer package .pkg
First post date Last post date
 
 
Q