New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support writing flat packages (.pkg
installers)
#3
Comments
You mentioned very clearly in the latest docs change 080f9e3 -
It is my recollection that this doesn't work with official macOS signing toolchain neither. In my experience I had to call But, maybe things had changed since first writing my CI scripts, it would be nicer if a single top-level recursive sign could work fully. |
This is also in part because the bundle should be signed with the |
If the docs I wrote are incorrect, please submit a PR to fix them! I actually haven't signed installers that much and the docs I wrote related to installer signing may be horribly wrong! Regarding the requirements to sign with different certificates, this is very much a solvable problem! apple-codesign doesn't have it yet, but it is very possible to automatically choose the best signing certificate given a bucket of potential signing certificates. We can easily identify whether a signing certificate is e.g. |
There's also https://github.com/hogliux/bomutils which hasn't been updated in a while but could be useful nonetheless. |
I just pushed my unfinished I think reading support is semi-solid. But there are gaps in understanding of the file format. Writing support is known to be broken. My recollection is there is something exceptionally low-level causing a few bits and crc32's to disagree compared with Apple's tooling. I remember attempting to brute force the crc32 to figure out which input bytes were wrong. That's how desperate I was at the time. |
We currently lack support for writing flat packages. This means we can't recursively sign
.pkg
installers. Nor can we create our own.pkg
installers from scratch.This issue tracks implementing support for writing flat packages /
.pkg
installers.Main blocker to this is a working implementation of Apple's Bill of Materials (
Bom
files) file format. I have a partial implementation of this in an unpublished crate. But as of writing this comment it isn't compatible with Apple's so resulting.pkg
are broken.The text was updated successfully, but these errors were encountered: