From looking at notes for the upcoming OSX version (the one after OSX Lion), it appears that all DMGs/installers need to be signed, even if not distributed via the Mac App store.
I couldn't find a command-line tool to do this signing though, or much documentation about obtaining a signing cert without submitting to the App Store.
Can someone shed light on: 1) How to obtain a certificate without distributing your app via the Mac App Store? 2) How to sign a DMG without using built-in Xcode tools (preferably a cross-platform tool)?
Thanks!
Codesigning is described in detail here and here - basically you need to obtain a cert and then you can sign your application... AFAIK there are currently no official docs on signing the DMG itself. As for your second question (cross-platform signing), there is no such tool available (at least none that is officially supported by Apple). As for information regarding future OS X version(s), I highly recommend asking on the proper Apple forums (usually there are also forums for NDA-related things).
It's super easy:
CODESIGN_IDENTITY='Name of Code Sign Cert' # Found in Keychain Access
codesign -s "$CODESIGN_IDENTITY" -v path/to/YourApp.app   # -s: identity to sign with, -v: verbose output
Then on the dmg:
codesign -s "$CODESIGN_IDENTITY" -v path/to/YourApp.dmg
This even works on read-only DMGs like UDZO.
Signing Disk Images (Source: Apple)
Disk images can be signed using the codesign tool on macOS 10.11.5 and later. This allows the entire disk image to be validated by Gatekeeper the first time it is mounted.
Gatekeeper will validate the contents of the disk image as well.
Disk images should only be signed with your Developer ID Application identity.
On macOS Sierra and later, spctl can be used to assess a disk image's signature, like this:
$ spctl -a -t open --context context:primary-signature -v MyImage.dmg
/Users/me/Downloads/MyImage.dmg: accepted source=Developer ID
Note: A disk image signed on OS X 10.11.5 or 10.11.6 may not be able to be re-signed. In this situation, the operation will appear to succeed, but the signature will be invalid. If you encounter this condition, sign a new (unsigned) copy of the image on macOS Sierra or later.
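Putting the two answers above together, as an added example that is not part of the original post: a small POSIX shell script that signs the app bundle and then the DMG with one Developer ID identity, checks each signature with `codesign --verify` rather than trusting the exit status of `codesign -s` alone (the re-signed 10.11.5/10.11.6 case described above), and assesses the DMG with the `spctl` invocation from Apple's note. The identity string, the paths and the function names are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example (not from the original answers): sign an app bundle and the
# DMG that wraps it with one Developer ID identity, then verify the result
# instead of trusting the exit status of `codesign -s` alone.
# The identity string below is a placeholder, not a real certificate name.

CODESIGN_IDENTITY="${CODESIGN_IDENTITY:-Developer ID Application: Example Corp (PLACEHOLDER)}"

# Sign one target (app bundle or .dmg) and check its signature with
# `codesign --verify`, which fails on a signature that is present but invalid.
sign_and_check() {
  target="$1"
  codesign -s "$CODESIGN_IDENTITY" --timestamp -v "$target" || return 1
  codesign --verify --strict --verbose=2 "$target" || return 1
}

# Return 0 only when an spctl assessment line reports the image accepted
# with a Developer ID source; anything else (rejected, other source) is 1.
spctl_line_accepted() {
  case "$1" in
    *": accepted source=Developer ID"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Assess a DMG the way Gatekeeper does on macOS Sierra and later.
# Prints the assessment and returns 0 only if accepted via Developer ID.
assess_dmg() {
  dmg="$1"
  status=0
  out=$(spctl -a -t open --context context:primary-signature -v "$dmg" 2>&1) || status=$?
  printf '%s\n' "$out"
  [ "$status" -eq 0 ] && spctl_line_accepted "$out"
}

# Usage (macOS only): sign the app first, then the DMG that contains it, e.g.
#   sh sign_dmg.sh path/to/YourApp.app path/to/YourApp.dmg
if [ "$#" -eq 2 ]; then
  sign_and_check "$1" && sign_and_check "$2" && assess_dmg "$2"
fi
```

The assessment parser is kept separate so the script's exit status reflects what Gatekeeper will actually do with the image, not merely that `spctl` ran.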
Source: https://stackoverflow.com/questions/9743116/gatekeeper-signing-for-osx-dmgs-outside-of-osx-xcode-mac-app-store