Hi Stephane, The --extract-certs option somehow doesn't work. xar said unrecognized option `--extract-certs` and the manual of xar doesn't have any extract-certs option :( ... NOTE: xar version is 1.6dev But --dump-toc works well :), I just want to know that the following info is about the "MY Apple Developer ID Installer certificates" ? "<X509Data> <X509Certificate>CERT1<\X509Certificate> <X509Certificate>CERT2<\X509Certificate> <\X509Data>" And is this info is different for different Apple Developer ID certificates ? I signed two different payload with same developer ID, then I check the diff of both xml header info. There is no diff between the signature info part of header file. That's why I am assuming the above xml info has one-to-one relation with certificate used to sign the package. I don't have any other certificate to counter check this which makes it sure. Thanks, Khushneet -----Original Message----- From: installer-dev-bounces+ksingh=quark.com@lists.apple.com [mailto:installer-dev-bounces+ksingh=quark.com@lists.apple.com] On Behalf Of Stephane Sudre Sent: Friday, October 26, 2012 12:52 PM To: installer-dev@lists.apple.com Subject: Re: Verify productsign on flat packages On Fri, Oct 26, 2012 at 7:15 AM, Khushneet Inder Singh <ksingh@quark.com> wrote:
Hi,
Thanks for reply, but the "--check-signature" option in pkgutil was introduced later in 10.7(Lion). So for me the problem remains the same
, I am still unable to verify signature on snow leopard and leopard.
Considering that a flat package/distribution is a xar archive, a solution could be to: 1. extract the certificates from the archive either using --dump-toc and some XML parsing or using a fork of the xar project: http://mackyle.github.com/xar/howtosign.html 2. use 'openssl x509' to retrieve the information you need. _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/ksingh%40quark.com This email sent to ksingh@quark.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com