Hi all, anyone with experience in signing .pkg files for distribution OUTSIDE of the App Store?
I'm aware this isn't the right forum, but I couldn't see an appropriate section - sorry in advance.
- Set up the required private key and installer certificates through the Apple Dev site.
- Created a .pkg with the WhiteBox Packages software.
- Note: the content is NOT a standard .app file - it is a set of 3 plug-in files: .component, .vst, and .vst3, which are each moved into their required location upon install.
- (During this stage, I used the 'identifier' provided on the Apple Dev site, e.g. com.companyname.productname)
- Built the .pkg with no issues.
- Signed the .pkg using the terminal command:
    productsign --sign developer-ID-number /path-to-file/xyz.pkg /path-to-new-file/xyz_signed.pkg
- This was successful, and the correct information comes up when using the pkgutil --check-signature command.
- The signed .pkg works perfectly when not quarantined, and behaves as expected.
- However, re-quarantining the .pkg by emailing it to myself gives the "...can't be opened because it is from an unidentified developer" message.
Any thoughts on things I've missed? I thought it could be to do with the com.companyname.productname identifier somehow being incorrect, or perhaps an issue with my installer certificates?
Thanks!
Joe