Apple Signed Installer


#1

Hey,

Any guides for generating an installer which can handle all possible plugin formats on mac? I’m using packages but am getting a warning because of the new rootless feature on el capitan.

Anyone built any installers recently and wanna point me in the right direction? : )


#2

Hi @Jake_Penn,

if you are not already using it, use Packages to generate your packages based installer. It’s much easier than trying to work with the tools Apple provides. It has a command line interface, so you can integrate it in your build script. Availabe at http://s.sudre.free.fr/Software/Packages/about.html

IIRC you need a flat package hierarchy such that your installer will work in El Capitan. I have one package for each plugin format. This enables the user to specify the plugin formats he wants to install.

Bonus tip: Add a pre-install script to each package to uninstall a previous plugin version from the system. Why? Because if you just replace the old plugin, the creation date wont change (only the modification date). Some hosts (including Pro Tools) only trigger a rescan of your plugin if the creation date got changed. Also do this in your Windows installer.


#3

Awesome, thanks @samuel

I used packages and got the build working with the custom options for the various formats.

Do you know how to attach apple developer certificates to the .pkg? Do I need to add them to all the plugin formats and the installer through the command line? I’m gonna move onto windows for a bit and then come back to try to get that irritating unidentified developer warning away.


#4

After you have created the installer with Packages, call

productsign --sign "Developer ID Installer: <your developer name>" <unsigned.pkg> <signed.pkg>

In order to work, your certificate needs to be in your keychain. IIRC there are two ways to achieve this, either via XCode or via downloading and importing via the ‘Keychain Access’ tool.


#5

thank you!


#6

In case someone bump into the same issue : just wanted to mention that in order to get a successfully signed installer I have to set the format option in my Packages’ project settings to Flat and not Bundle.

Otherwise I got some errors like "component package X not found inside "MyInstallerName.mpkg" and must be signed explicitly"

But setting it to Flat and simply signing the installer package with the command above worked just fine.