Requirements for Code-Signing Support for OS or OS X–Based Installers

InstallAnywhere 2024 R2

The following requirements must be met for code signing OS or OS X–based installers:

•

The OS X–based installer must be built on a OS or OS X–based system.

•

All code signing must be done on systems that are running OS X 10.9 or later (including OS), since these versions can create version 2 signatures. Version 1 signatures, which are created by earlier versions of OS X, are not recognized by Gatekeeper on systems with OS X 10.9 and later (including OS) and are considered obsolete. Files that are signed with version 2 signatures will work on OS X 10.8 and later (including OS). To learn more, see Technical Note TN2206: OS X Code Signing in Depth in the Developer Library.

•

A Developer ID Application certificate must be used to sign the files. The certificate should be added to the login keychain—not the system keychain—on the machine that is going to be used for code signing, and the same user account that was used to add the certificate to the login keychain should be used to sign files.

•

If you plan on performing builds through the command-line console, ensure that the certificate has been granted access to be used by all applications.

•

Ensure that the latest Xcode IDE and all of its default SDKs are installed on the machine that is going to be used for code signing.

•

The build target for an installer that requires authentication must be OS or OS X; generic UNIX–based build targets do not support authentication on OS or OS X–based systems.

•

Merge modules cannot use authentication independently. To deploy a merge module that requires authentication, you must authenticate the parent installer.