Out of curiosity, do you have an older copy of the installer that works on those platforms?
toggle quoted messageShow quoted text
You may be able to open it up and view the entitlements/config files and see the differences.
One option is to create a VM with one of those operating systems on it and install a version of Xcode that works on 10.10 and 10.11, then deliver these special case installers or create installers that work on that OS and see what the difference is.
I keep around old 50 GB VMWare images and old Xcode installers just in case.
On Dec 7, 2020, at 3:21 PM, Mark Allan <firstname.lastname@example.org> wrote:
Thanks for the suggestion. No I hadn't checked that tool...but I have now, and it says "YES" ie it's signed correctly, so unfortunately I'm no further forward.
On 7 Dec 2020, at 6:53 pm, Ben Kennedy <email@example.com> wrote:
I can't speak to what might be the problem, but I've been reading about code signing and notarization recently in an effort to better understand how it all works at a lower level, so I'm interested in what you find out.
TN2206 (https://developer.apple.com/library/archive/technotes/tn2206/_index.html) makes reference to using the `check-signature` tool (https://developer.apple.com/download/more/?=SignatureCheck) to validate package signatures. Have you tried that? Does it report anything useful?
On 7 Dec 2020, at 8:57 am, Mark Allan <firstname.lastname@example.org> wrote:
I have a script which Xcode runs as a post-action during the archive phase which takes my compiled app, and generates a signed .pkg installer file along with all the other elements of the app.
For the last few years this has worked fine, but for some reason I'm now unable to open the resulting pkg file on macOS 10.10 and 10.11. When I try to open the installer on the older OSes, I'm presented with the following error message:
Installer_signed.pkg can't be installed because its digital signature is invalid.
The package may have been corrupted or tampered with. Get a new copy of the package and try again.
The signature is valid and I can see this in macOS 11 and 10.15 when clicking the certificate icon in the upper right corner of the window, so I'm not sure what's going on.
Is anyone aware of any changes to pkgbuild and productbuild which might have caused this? The man pages don't reference anything new that might be relevant, so I'm stuck.