Re: Installer pkg built with Xcode 12.2 won't open in macOS 10.10 and 10.11


Mark Allan
 

Hey Ben,

Thanks for the suggestion. No I hadn't checked that tool...but I have now, and it says "YES" ie it's signed correctly, so unfortunately I'm no further forward.

Mark

On 7 Dec 2020, at 6:53 pm, Ben Kennedy <ben-groups@zygoat.ca> wrote:

Hey Mark,

I can't speak to what might be the problem, but I've been reading about code signing and notarization recently in an effort to better understand how it all works at a lower level, so I'm interested in what you find out.

TN2206 (https://developer.apple.com/library/archive/technotes/tn2206/_index.html) makes reference to using the `check-signature` tool (https://developer.apple.com/download/more/?=SignatureCheck) to validate package signatures. Have you tried that? Does it report anything useful?

-ben


On 7 Dec 2020, at 8:57 am, Mark Allan <markjallan@gmail.com> wrote:

Hi all,

I have a script which Xcode runs as a post-action during the archive phase which takes my compiled app, and generates a signed .pkg installer file along with all the other elements of the app.

For the last few years this has worked fine, but for some reason I'm now unable to open the resulting pkg file on macOS 10.10 and 10.11. When I try to open the installer on the older OSes, I'm presented with the following error message:

Installer_signed.pkg can't be installed because its digital signature is invalid.
The package may have been corrupted or tampered with. Get a new copy of the package and try again.

The signature is valid and I can see this in macOS 11 and 10.15 when clicking the certificate icon in the upper right corner of the window, so I'm not sure what's going on.

Is anyone aware of any changes to pkgbuild and productbuild which might have caused this? The man pages don't reference anything new that might be relevant, so I'm stuck.

Thanks
Mark








Join xcode@apple-dev.groups.io to automatically receive all group messages.