I need to sign a MacOS installer with .pkg extension. I have a .pfx certificate and added it to Keychain. It contains both certificate and the private key.
But when I try to sign this .pkg using productsign utility, it shows an error as :
productsign --sign "commonName" unsigned.pkg signed.pkg
productsign: error: Could not find appropriate signing identity for “commonName”. An installer signing identity (not an application signing identity) is required for signing flat-style products.
On
These steps work for us:
Unlock the keychain:
security unlock-keychain -p {keychain_password} /Users/{your_user}/Library/Keychains/login.keychain-db
List the available signing identities:
Note: Code signing identities cannot be used to sign a pkg in mac. You can find these by adding -p codesigning to the below command.
security find-identity -v
Sign an installer using productsign:
Note: The identity can typically be the long hex code from the above command:
productsign --sign "{your_identity}" original.pkg signed.pkg
You have to find out what the name of your pfx is and replace the "commonName" with it.
U should search for something like "Developer ID Application: ..." to sign the package.