Difficulty Signing a Package created by Composer

dlondon
Valued Contributor

I have a fairly simple package that I created with Composer to install a VPN configuration profile and some additional settings that can't be done with the profile. I'm doing this for machines that aren't managed but I'd like to get this working to sign QuickAdd packages too.

We are at a University and I have a Developer account in a Team subscription. When I use the certificate I created and installed into my KeyChain, I get an error message when I try and create a Package:

productsign: error: Could not find appropriate signing identity for “Apple Development: David London ... . An installer signing identity (not an application signing identity) is required for signing flat-style products.

I can't see an Installer signing Identity when I look at the choices in Apple Developer - Application signing.

Is there possibly some other level other than just a Developer that gives me more than these three options?

Apple Development
Sign development versions of your iOS, macOS, tvOS, and watchOS apps. For use in Xcode 11 or later.

iOS App Development
Sign development versions of your iOS app.

Mac Development
Sign development versions of your Mac app.
Maximum number of certificates generated

This https://www.jamf.com/jamf-nation/articles/301/obtaining-an-installer-certificate-from-apple says I need Team Agent privileges but I don't think that exists any more

Regards,

David

1 ACCEPTED SOLUTION

dlondon
Valued Contributor

Well looks like when you have a Team Developer account, someone with the Role of Developer cannot make a certificate (Developer ID Installer certificate) to be used for signing an Installer Package that is distributed outside of the App Store. I ended up getting the person who is the Account Holder to help as that is the only one who can make that particular certificate.

I created a CertificateSigningRequest.certSigningRequest file from Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority and filled in my appleid info for my Developer role. I gave the Account Holder the certSigningRequest file and she selected to create a Developer ID Installer certificate in the Apple Developer web site. I then installed the certificate in my KeyChain and now I don't get any errors using that certificate in Composer to sign my Package

I've tested on a clean unmanaged machine with just the base OS (10.15.3) and don't get any problems with the Package installation

View solution in original post

1 REPLY 1

dlondon
Valued Contributor

Well looks like when you have a Team Developer account, someone with the Role of Developer cannot make a certificate (Developer ID Installer certificate) to be used for signing an Installer Package that is distributed outside of the App Store. I ended up getting the person who is the Account Holder to help as that is the only one who can make that particular certificate.

I created a CertificateSigningRequest.certSigningRequest file from Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority and filled in my appleid info for my Developer role. I gave the Account Holder the certSigningRequest file and she selected to create a Developer ID Installer certificate in the Apple Developer web site. I then installed the certificate in my KeyChain and now I don't get any errors using that certificate in Composer to sign my Package

I've tested on a clean unmanaged machine with just the base OS (10.15.3) and don't get any problems with the Package installation