productsign(1) | General Commands Manual | productsign(1) |
productsign
— Sign
a macOS Installer product archive
productsign |
[options] --sign identity
input-product-path.pkg
output-product-path.pkg |
productsign
adds a digital signature to a
product archive previously created with productbuild(1).
Although you can add a digital signature at the time you run
productbuild(1), you may wish to add a signature later,
once the product archive has been tested and is ready to deploy. If you run
productsign
on a product archive that was previously
signed, the existing signature will be replaced.
To sign a product archive, you will need to have a certificate and
corresponding private key -- together called an “identity” --
in one of your accessible keychains. To add a signature, specify the name of
the identity using the --sign
option. The identity's
name is the same as the “Common Name” of the certificate.
If you want to search for the identity in a specific keychain,
specify the path to the keychain file using the
--keychain
option. Otherwise, the default keychain
search path is used.
productsign
will embed the signing
certificate in the product archive, as well as any intermediate certificates
that are found in the keychain. If you need to embed additional certificates
to form a chain of trust between the signing certificate and a trusted root
certificate on the system, use the --cert
option to
give the Common Name of the intermediate certificate. Multiple
--cert
options may be used to embed multiple
intermediate certificates.
The signature can optionally include a trusted timestamp. This is
enabled by default when signing with a Developer ID identity, but it can be
enabled explicitly using the --timestamp
option. A
timestamp server must be contacted to embed a trusted timestamp. If you
aren't connected to the Internet, you can use
--timestamp=none
to disable timestamps, even for a
Developer ID identity.
--sign
identity-name--keychain
keychain-path--cert
certificate-name--timestamp
--timestamp=none
September 15, 2010 | macOS |