gregneagle
commented
3 months ago productsign is for signing packages; you need to use codesign to sign executables.
Closed dvdborn closed 2 months ago
gregneagle
commented
3 months ago productsign is for signing packages; you need to use codesign to sign executables.
dvdborn
commented
2 months ago Thanks, my mistake.
I was wrong in thinking that the issue was with pycreateuserpkg, and more specificaly with the createuser executable.
However, it's Gatekeeper that's preventing to execute createuser. Only codesigning the executable isn't enough to fix this. It needs to be notorized by Apple in order to pass Gatekeeper. With Gatekeeper disabled the pycreateuserpkg generated package installed without a problem.
In short, there's no issue with pycreateuserpkg under macOS Sequoia.
Generated packages, even when they have been signed, can't be installed by Sequoia 15 Beta 8.
When you try to install a package you'll get an error window telling you that the package can't be installed.
This is what's being logged by the Installer.app:
It looks like the createuser executable in the installer package also needs to be signed in order to perform the installation. As a workaround I expanded the generated package using pkgutil. I then tried to sign createuser using the productsign command. However this wasn't possible (error: Can't read input product archive "./createuser").