Signing plugins on OS X and distributing as PKG files


This isn’t strictly a JUCE issue, although I’m sure it will be relevant to others, and maybe someone here can help…

I’m trying to package a plugin for distribution on OS X as a Mac “flat” package file.

The steps I’m currently doing:

  • Signing the plugin binaries in Xcode using my “Mac Developer” signing identity
  • Creating a pkg file from the command line using pkgbuild command, passing my “3rd Party Mac Developer Installer” certificate name as an argument to the --sign flag

Everything works fine, and I can verify that the plugin binaries and pkg file are signed using codesign -dvv and pkgutil --check-signature respectively.

However, the pkg gets rejected by GateKeeper, which is confirmed by running spctl -a -v on the file.

Has anyone else experienced similar issues, or managed to get signed packages working properly…?


I assume you will distribute the software outside the appstore?

First of all i think for your plugin has to use the “Developer ID Application: Firstname Lastname” Certificate NOT “Mac Developer”

and the Installer (just an assumption, i didn’t try it)

“Developer ID Installer: Firstname Lastname”

(yes this is very confusing!, and not very clear documented, the documentation in the apple docs is mostly for appstore distrubtion )


Aha! It turns out you’re right. It turns out I just needed to use the “Developer ID Installer” certificate instead of the “Mac Installer Distribution” certificate and not it works. Confusing indeed.

Many thanks.