Signing Installer Packages with Automator

Apple packages (.pkgs) are opened by the GUI Installer.app or the command line installer command. If a package is unsigned and gets a quarantine flag (from being transferred over a network), the GUI Installer will refuse to run it.Screen Shot 2016-11-02 at 3.07.35 PM.png¬†We can get around that with a right-click -> Open, but we shouldn’t be training computer users to ignore security warnings like this.

Screen Shot 2016-11-04 at 4.49.33 PM.png
If you are creating your own packages, and users or techs may run them manually, then you really should be signing them. Even if you are deploying them in a way that a person won’t see a warning, signing packages can be very easy and provide a check that nothing changed since you created it. See below the break for how to easily automate signing packages. Continue reading

Advertisements