I have a Mac application that I signed up with the productign command from the terminal
productsign
productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg
Then I ran the evaluation team
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: accepted
I also checked the signature
pkgutil --check-signature InstallerSigned.pkg
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
Certificate Chain:
1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
2. Apple Worldwide Developer Relations Certification Authority
3. Apple Root CA
When I run the installer from my machine (using the gatekeeper installed in the "Mac App Store and Identified Developers Store"), it works fine. It also installed correctly when I downloaded the same pkg after I deployed it to my website.
But ... when I download pkg to another computer, it does not install. It does not recognize my developer id. When I run the spctl command on a failed machine, I get
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: rejected
- , , , pkg ? , :/
EDIT:
, ,
spctl
3[Apple System] P0 allow execute
anchor apple
4[Mac App Store] P0 allow execute
anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]