When Apple’s Gatekeeper feature is set to only allow applications downloaded from the Mac App Store and identified developers, users can only install signed packages.
To verify that a package is signed, execute the following command on a computer with the package:
pkgutil --check-signature /path/to/package.pkg
If the output is "Status: signed by a certificate trusted by Mac OS X", the package is signed. If the output is "Status: no signature", the package is not signed.