Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   23457 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

productsign(1)		  BSD General Commands Manual		productsign(1)

NAME
     productsign — Sign an OS X Installer product archive

SYNOPSIS
     productsign [options] --sign identity input-product-path
		 output-product-path

DESCRIPTION
     productsign adds a digital signature to a product archive previously cre‐
     ated with productbuild(1).	 Although you can add a digital signature at
     the time you run productbuild(1), you may wish to add a signature later,
     once the product archive has been tested and is ready to deploy. If you
     run productsign on a product archive that was previously signed, the
     existing signature will be replaced.

     To sign a product archive, you will need to have a certificate and corre‐
     sponding private key -- together called an “identity” -- in one of your
     accessible keychains. To add a signature, specify the name of the iden‐
     tity using the --sign option. The identity's name is the same as the
     “Common Name” of the certificate.

     If you want to search for the identity in a specific keychain, specify
     the path to the keychain file using the --keychain option. Otherwise, the
     default keychain search path is used.

     productsign will embed the signing certificate in the product archive, as
     well as any intermediate certificates that are found in the keychain. If
     you need to embed additional certificates to form a chain of trust
     between the signing certificate and a trusted root certificate on the
     system, use the --cert option to give the Common Name of the intermediate
     certificate. Multiple --cert options may be used to embed multiple inter‐
     mediate certificates.

     The signature can optionally include a trusted timestamp. This is enabled
     by default when signing with a Developer ID identity, but it can be
     enabled explicitly using the --timestamp option. A timestamp server must
     be contacted to embed a trusted timestamp. If you aren't connected to the
     Internet, you can use --timestamp=none to disable timestamps, even for a
     Developer ID identity.

ARGUMENTS AND OPTIONS
     --sign identity-name
		 The name of the identity to use for signing the product ar‐
		 chive.

     --keychain keychain-path
		 Specify a specific keychain to search for the signing iden‐
		 tity.

     --cert certificate-name
		 Specify an intermediate certificate to be embedded in the
		 product archive.

     --timestamp
		 Include a trusted timestamp with the signature.

     --timestamp=none
		 Disable trusted timestamp, regardless of identity.

     input-product-path
		   The product archive to be signed.

     output-product-path
		   The path to which the signed product archive will be writ‐
		   ten. Must not be the same as input-product-path.

SEE ALSO
     productbuild(1)

Mac OS			      September 15, 2010			Mac OS

Vote for polarhome