From looking at notes for the upcoming OSX version (the one after OSX Lion), it appears that all DMGs/installers need to be signed, even if not distributed via the Mac App Store.
It's super easy:
CODESIGN_IDENTITY='Name of Code Sign Cert' # Found in Keychain Access
codesign -s "$CODESIGN_IDENTITY" -v path/to/YourApp.app
Then on the dmg:
codesign -s "$CODESIGN_IDENTITY" -v path/to/YourApp.dmg
This even works on read-only DMGs like UDZO.