Code-Signing in OS-X Series, Part 3: Code-Signing Your Installers

This series covers the topic of code-signing in OS-X. In this final entry in our three-part series, we discuss two options for performing code-signing.

Option 1: Code Signing at Build Time
Once you have added the code-signing capability to one of your InstallAnywhere build machines, you can use that machine to build authenticated installers for OS X–based target systems. To configure your InstallAnywhere project to code sign your build output and include authentication support:

1. In the Advanced Designer, on the Project page, click Platforms. The Platforms view opens.
2. In the Mac OS X area, in the Code Signing setting, select the Code Sign the Generated Installer check box
3. Specify the location and password of the certificate. The use of build-time variables for the certificate location and password is highly recommended for security purposes.
4. Under the Authentication category, in the Requires an Administrator Name and Password to Install setting, select Yes
5. Optionally change the value of the Always Show GUI setting

Option 2: Code Signing the Output on a Designated Code-Signing Machine
To configure your InstallAnywhere project to include authentication support in your OS X–based installers:

1. In the Advanced Designer, on the Project page, click Platforms. The Platforms view opens.
2. In the Mac OS X area, under the Authentication category, in the Requires an Administrator Name and Password to Install setting, select Yes
3. Optionally change the value of the Always Show GUI setting
4. In the Code Signing setting, ensure that the Code Sign the Generated Installer check box is cleared

To code sign the build output (install.zip file) on a separate code-signing machine:

1. Customize the two information property list files (one for the installer and one for the authentication wrapper) in the build output so that they include the user ID from your Developer ID Application certificate
2. Code sign and check the installer (which is in a subfolder of the authentication wrapper; that is, the install.appContentsResourcesinstall.app folder)
3. Code sign and check the authentication wrapper (that is, the top-level install.app folder)
4. Compress the top-level install.app back into an install.zip file

For step-by-step details, verification methods and general troubleshooting tips, refer to the full article.

InstallAnywhere is the leading multiplatform development solution for application producers who need to deliver a professional and consistent cross installation experience for physical, virtual and cloud environments. From a single project file and build environment, InstallAnywhere creates reliable installations for on-premises platforms – Windows, Linux, Apple OS X, Solaris, AIX , HP-UX, and IBM iSeries – and enables you to take existing and new software products to a virtual and cloud infrastructure and build Docker containers.  Get your free trial of InstallAnywhere or contact us for more information. 

InstallShield® is the world's leading Windows installation development solution. InstallShield is designed to enable development teams to be more agile, collaborative and flexible when building reliable InstallScript and Windows Installer MSI installations for desktop, server, Web, virtual and traditional applications. The software installer of choice for today's sophisticated application producers, InstallShield is the only software installer that can directly convert MSIs to Microsoft App-V virtual packages. Get your free trial of InstallShield today or contact us for more information.