Re: Installer pkg built with Xcode 12.2 won't open in macOS 10.10 and 10.11

Jon Gotow

I've had similar problems when code-signing and notarizing an app using Xcode 12.2 on Big Sur.

On my DTK (Apple Silicon) machine running macOS 11.1 beta and Xcode 12.2, if I go through a standard build and notarization using the Xcode GUI, everything appears to be fine. The codesign and spctl commands report everything is fine when I run them on macOS 11 or 10.15 and the app launches as expected. However, on macOS 10.10, I get the error "the sealed resource directory is invalid" when I run spctl and the system refuses to launch the app, saying it's damaged.

However, if I build on my MacBook Pro running macOS 11.1 beta and Xcode 12 beta, the resulting app doesn't have any problems. I'll boot back into Big Sur and find out which Xcode 12 beta I'm running. In any case, I'm hesitant to update to Xcode 12.2 for fear my builds will no longer work on 10.10.

- Jon

On Dec 7, 2020, at 9:57 AM, Mark Allan <> wrote:

I have a script which Xcode runs as a post-action during the archive phase which takes my compiled app, and generates a signed .pkg installer file along with all the other elements of the app.

For the last few years this has worked fine, but for some reason I'm now unable to open the resulting pkg file on macOS 10.10 and 10.11. When I try to open the installer on the older OSes, I'm presented with the following error message:

Installer_signed.pkg can't be installed because its digital signature is invalid.
The package may have been corrupted or tampered with. Get a new copy of the package and try again.

The signature is valid and I can see this in macOS 11 and 10.15 when clicking the certificate icon in the upper right corner of the window, so I'm not sure what's going on.

Is anyone aware of any changes to pkgbuild and productbuild which might have caused this? The man pages don't reference anything new that might be relevant, so I'm stuck.

Join to automatically receive all group messages.