I wonder if somebody might be able to point me into the right direction of properly sign our own created installation package.
We used
productsign --sign "Developer ID Application: NAME" path/to/installer.mpkg /path/to/signed/output.pkg
If I run pkgutil --check-signature /path/to/signed.pkg i get a correct return.
Whenever I send this via mail or make this available for download it appears to be not signed for the person.
Any idea?
Thanks