[SOLVED] pkgbuild produces a package that fails to install

pkgbuild produces a package that fails to install

I am trying to create a simple macOS package that installs a tool in /usr/local/:

hello.c:

#include <stdio.h>
int main(void) {
  printf("Hello World\n");
  return 0;
}

distribution.plist:

<installer-gui-script minSpecVersion="1">
    <product id="net.world" version="1.0"/>
    <title>Hello World</title>
    <choices-outline>
      <line choice="net.world.hello"/>
    </choices-outline>
    <choice id="net.world.hello" title="Hello">
      <pkg-ref id="net.world.hello">h1.pkg</pkg-ref>
    </choice>
</installer-gui-script>

build.sh:

#!/bin/sh
cc -o hello hello.c
mkdir -p local/bin
cp hello local/bin/
codesign -s - -i net.world.hello local/bin/hello
pkgbuild --identifier net.world.hello \
         --root local \
         --install-location /usr/local \
         h1.pkg
productbuild --distribution distribution.plist --resources . hello.pkg

The build scrips produces a package hello.pkg. However, when I try to install it, I get

<Debug>: Product archive /Users/foo/hello.pkg trustLevel=100
<Error>: PKInstallRequest: failed to initialize. Error: Error Domain=PKInstallRequestErrorDomain Code=2 "Specifier Description:<PKPackageSpecifier>:
    {
        URL = "file:///Users/foo/h1.pkg";
        identifier = "net.world.hello";
        options = 0;
        version = 0;
    }" UserInfo={NSLocalizedFailureReason=Specifier Description:<PKPackageSpecifier>:
    {
        URL = "file:///Users/foo/h1.pkg";
        identifier = "net.world.hello";
        options = 0;
        version = 0;
    }}
<Debug>: External component packages (1) trustLevel=100 (trust evaluation failed)
<Debug>: -[IFDInstallController(Private) _buildInstallPlanReturningError:]: location = file://localhost
<Debug>: -[IFDInstallController(Private) _buildInstallPlanReturningError:]: file://localhost/Users/foo/h1.pkg
<Error>: Failed to locate package at path /Users/foo/h1.pkg (h1.pkg -- file://localhost/Users/foo/hello.pkg)
<Error>: Install failed: The Installer can’t locate the data it needs to install the software. Check your install media or internet connection and try again, or contact the software manufacturer for assistance.

The package build runs on Github Action (macOS 11/Xcode 13.2). What is wrong with this setup, and how can I create a distributable package that installs in /usr/local?

Solution

After a number of attempts, I found that it pragmatically works if the components get a version assigned, i.e. pkgbuild --version 1.2.3 …, or in the distribution.plist. This is somehow surprising, as the documentation doesn't state that a version is required (it says that the version is then set to 0 and it cannot decide whether it is an upgrade or a downgrade).

It has however nothing to do with the signature or permissions.