manpagez: man pages & more
man productsign(1)
Home | html | info | man
productsign(1)            BSD General Commands Manual           productsign(1)


NAME

     productsign -- Sign an OS X Installer product archive


SYNOPSIS

     productsign [options] --sign identity input-product-path
                 output-product-path


DESCRIPTION

     productsign adds a digital signature to a product archive previously cre-
     ated with productbuild(1).  Although you can add a digital signature at
     the time you run productbuild(1), you may wish to add a signature later,
     once the product archive has been tested and is ready to deploy. If you
     run productsign on a product archive that was previously signed, the
     existing signature will be replaced.

     To sign a product archive, you will need to have a certificate and corre-
     sponding private key -- together called an ``identity'' -- in one of your
     accessible keychains. To add a signature, specify the name of the iden-
     tity using the --sign option. The identity's name is the same as the
     ``Common Name'' of the certificate.

     If you want to search for the identity in a specific keychain, specify
     the path to the keychain file using the --keychain option. Otherwise, the
     default keychain search path is used.

     productsign will embed the signing certificate in the product archive, as
     well as any intermediate certificates that are found in the keychain. If
     you need to embed additional certificates to form a chain of trust
     between the signing certificate and a trusted root certificate on the
     system, use the --cert option to give the Common Name of the intermediate
     certificate. Multiple --cert options may be used to embed multiple inter-
     mediate certificates.

     The signature can optionally include a trusted timestamp. This is enabled
     by default when signing with a Developer ID identity, but it can be
     enabled explicitly using the --timestamp option. A timestamp server must
     be contacted to embed a trusted timestamp. If you aren't connected to the
     Internet, you can use --timestamp=none to disable timestamps, even for a
     Developer ID identity.


ARGUMENTS AND OPTIONS

     --sign identity-name
                 The name of the identity to use for signing the product ar-
                 chive.

     --keychain keychain-path
                 Specify a specific keychain to search for the signing iden-
                 tity.

     --cert certificate-name
                 Specify an intermediate certificate to be embedded in the
                 product archive.

     --timestamp
                 Include a trusted timestamp with the signature.

     --timestamp=none
                 Disable trusted timestamp, regardless of identity.

     input-product-path
                   The product archive to be signed.

     output-product-path
                   The path to which the signed product archive will be writ-
                   ten. Must not be the same as input-product-path.


SEE ALSO

     productbuild(1)

Mac OS                        September 15, 2010                        Mac OS

Mac OS X 10.8 - Generated Mon Aug 20 15:50:43 CDT 2012
© manpagez.com 2000-2020
Individual documents may contain additional copyright information.