I got an installer certificate from Apple, my installers are custom APPs (no pkg or something). Now if I run
productsign —sign "Developer ID Installer: xxxx" /DATA/Install/xxx.app /DATA/Install/xxx.app.sign
it just says this:
Usage: productsign [options] --sign <identity> <input-product-path> <output-product-path>
I thought it is buggy or something, but maybe it just doesn't like APP files. Any ideas?
As the documentation states for productsign:
So your input should not be the application bundle, but rather the archive package which you first create with productbuild.
Note that you can sign the product archive directly from productbuild with the --sign option
Just to complicate things further(!), it's possible to use pkgbuild to create an archive and sign with that, but if I recall correctly, you must use productbuild if you're deploying via the App Store.
As I understand it, if your product contains multiple components, they can each be archived with pkgbuild, then bundled together into a single archive with productbuild via the use of a distribution file, which can be created with productbuild and the option --synthesize
For more detail, the top answer to this question details the steps required to make a distributable package.