I used the following command to sign a package, the output is as follows:
productsign --sign "Developer ID Installer: Jie Tian (D29U75AWM7)" ~/Downloads/literate-enigma-1.0.pkg ~/Downloads/literate-enigma.signed.pkg
productsign: using timestamp authority for signature
Warning: unable to build chain to self-signed root for signer "Developer ID Installer: Jie Tian (D29U75AWM7)"
productsign: signing product with identity "Developer ID Installer: Jie Tian (D29U75AWM7)" from keychain /Users/jeff/Library/Keychains/login.keychain-db
productsign: Wrote signed product archive to ~/Downloads/literate-enigma.signed.pkg
When I open the signed installer the following dialogue pops up:
