For security reasons, and to protect users, it may sometimes be required that you prevent unsigned (or unknown) packages from being deployed.
If you're downloading a PKG from a vendor's website, then this *shouldn't* normally affect you. But, if you want to build your own packages (custom pre and post flight scripts, for example), or the application vendor hasn't signed their app (you should consider why this is), then here's a simple guide on how to sign a package for deployment using Meraki Systems Manager
If you don't know if a package is signed on not, when running the installer manually, you'll see a padlock in the top right: Clicking on this will show you the signing certificate
Select the CertificateSigningRequest.certSigningRequest file you created earlier
You can now download your certificate
Double Click this to add to your Mac’s keychain (You may wish to create a new keychain to keep your developer certs)
Part Four: Signing your package
You’ll need to know the identity of the signing certificate you created in the first section. You can find installed Identities with:
security find-identity -v -p codesigning
Open Terminal in the directory where your newly created install package is. We are going to use com.meraki.plistonly.pkg
productsign --sign 'Developer ID Installer: Paul Fidler (7H6G5F4D3D)' com.meraki.plistonly.pkg com.meraki.plistonly-signed.pkg
You’ll be prompted for the currently logged in user’s password.
You should see the following:
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: Paul Fidler (7H6G5F4D3D)" from keychain /Users/Paul.Fidler/Library/Keychains/login.keychain-db
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to com.meraki.plistonly-signed.pkg
And, et voila, you now have a signed installer called com.meraki.plistonly-signed.pkg !