Munkipkg has the ability to sign packages with a registered Apple Distribution Certificate. Here is how.

Prerequisites

In order to sign a package in a munkipkg project you will need:

  • membership of the paid Apple Developer Program
  • Xcode installed
  • munkipkg installed, and a working knowledge of the tool

Once all 3 criteria are met you are ready to begin signing your munkipkg projects.

Generate a Distribution Certificate

Open Xcode and sign into your Apple Developer Program registered Apple ID under the Accounts tab. Once you are signed select Manage Certificates in the bottom right of the Apple ID window. In the popup window click the + button in the bottom left corner and select Developer ID Installer. The requested certificate will now display in the current window and a signing certificate will be added to your local keychain.

Apply a Distribution Certificate to a munkipkg project

Now that you have a valid signing certificate, open a current munkipkg project and a signing-info dictionary to the build-info.plist. In the signing-info dictionary add a key titled identity with a string value containing the Common Name of your registered developer organization. Then add another key to the signing-info dictionary titled timestamp with the boolean value true.

Your singing_info dictionary should look like this:

<key>signing_info</key>
<dict>
  <key>identity</key>
  <string>Pretend Co.</string>
  <key>timestamp</key>
  <true/>
</dict>

Save your amendments to the build-info.plist.

Build a signed munkipkg project

Back out to the parent directory of your project and run munkipkg. After execution you should have a shiny, new signed package installer waiting for you in the build directory.