I need to distribute my MacOS app to users at my institution so I packaged and signed it with “productbuild” as such: I generated the signing key in the Developer portal by choosing the “Mac Installer Distribution” type downloaded it and added it to my keychain. Then I ran this command:
> productbuild --sign "3rd Party Mac Developer Installer (XXXXXXXXXX)" \
> --component InstallTkiCliClient.app /Applications InstallTkiCliClient.pkg
I placed the file in an S3 bucket and downloaded it with Safari. When I open it, I get the dialog that says ‘“AppName.pkg” cannot be opened because it is from an unidentified developer.’ and I have no option but to cancel the operation. I know the “trick” of ctrl-clicking the file and choosing “Open With” to bring up a dialog that has an option to open the app. That is not my problem. I wanted to avoid this problem for persons that download it so that is why I did all this in the first place. I did try using “productsign” as well, but that didn’t fix anything which was not a surprise.
> productsign --sign "3rd Party Mac Developer Installer (XXXXXXXXXX)" \ \
> InstallTkiCliClientInstaller.pkg \
> InstallTkiCliClientInstallerSigned.pkg
Can someone figure out what I did wrong? Did I miss a step?