Signing AutoPkg-built packages using a .sign recipe
2021-07-31 03:22:29 Author: derflounder.wordpress.com(查看原文) 阅读量:43 收藏

Home > AutoPkg, Mac administration, macOS > Signing AutoPkg-built packages using a .sign recipe

Signing AutoPkg-built packages using a .sign recipe

For those that need to sign their AutoPkg-generated installer packages with a signing certificate, the PkgSigner processor is available to assist with this. When I originally started using this processor, I was building the signing part directly into .pkg recipes, but my teammate @jaharmi came up with a better and more modular idea: the .sign recipe.

Screen Shot 2021 07 30 at 2 09 06 PM

The .sign recipe uses the PkgSigner processor and is designed to be placed in the AutoPkg workflow between a .pkg recipe and a.jss recipe for JSSImporter, a .munki recipe for Munki or other recipes used to upload an installer package to a deployment tool. In this case, the .pkg recipe would be a parent recipe for the .sign recipe. In turn, the .sign recipe would be used as the parent recipe for whatever came next in the workflow.

Screen Shot 2021 07 30 at 2 07 10 PM

For those who want to use .sign recipes, there is an example recipe available via the link below:

https://github.com/autopkg/rtrouton-recipes/blob/master/SharedProcessors/Example.sign.recipe

If you want to use the PkgSigner processor hosted from my AutoPkg recipe repo, first verify that AutoPkg is installed on the Mac you’re using. Once verified, run the following command:

autopkg repo-add rtrouton-recipes

文章来源: https://derflounder.wordpress.com/2021/07/30/signing-autopkg-built-packages-using-a-sign-recipe/
如有侵权请联系:admin#unsafe.sh