Add documentation on self-signing an installer cert

Unlike a code signing cert, where a self-signed cert will not work,
and where Apple provides both a development and a deployment cert,
for the installer package a special cert is required, and a self-
signed cert is a very good idea because Apple does not provide a
development installer cert, just a deployment installer cert.

Expand the documentation, and include a link to a Stack Exchange
answer that describes how to make such a self-signed cert.

Also, tweak the Google-internal link for the code signing
development cert, as that is now where it can be found.

Bug: none
Change-Id: Idf8db4f14322a775c640180c19719a62feac5e8b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2488026
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Auto-Submit: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#819423}

chrome/installer/mac/signing/README.md

@@ -16,7 +16,7 @@ which you can set up in a new GN out directory with the following args:
 The scripts are invoked using the driver located at
 `//chrome/installer/mac/sign_chrome.py`. In order to sign a binary, a signing
 identity is required. Googlers can use the [internal development
-identity](https://goto.google.com/macoscerts); otherwise you must supply your
+identity](https://goto.google.com/ioscerts); otherwise you must supply your
 own. Note that a
 [self-signed](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html)
 identity is incompatible with the _library validation_ signing option that
@@ -32,6 +32,30 @@ speeds up the signing process when one is only interested in a signed .app
 bundle. The `--development` flag skips over code signing requirements and checks
 that do not work without the official Google signing identity.
 
+## The Installer Identity
+
+The above section speaks of the `--identity` parameter to `sign_chrome.py`, and
+how the normal development identity will do, and how a self-signed identity will
+not work. However, the identity used for Installer (.pkg) files is different.
+
+Installer files require a special Installer Package Signing Certificate, which
+is different than a normal certificate in that it has a special Extended Key
+Usage extension.
+
+For the normal identity, Apple provides both a development and a deployment
+certificate, and while the deployment certificate can be (and should be)
+carefully guarded, the development certificate can be more widely used by the
+development team. However, Apple provides _only_ a deployment installer
+certificate. For development purposes, you must self-sign your own.
+
+Directions on how to create a self-signed certificate with the special Extended
+Key Usage extension for installer use can be found on
+[security.stackexchange](https://security.stackexchange.com/a/47908).
+
+You will need to explicitly mark the certificate in Keychain Access as trusted.
+Be sure that `security -v find-identity` lists this new certificate as a valid
+identity.
+
 ## Chromium
 
 There are slight differences between the official Google Chrome signed build and