New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add -s option to sign package #703

Merged
merged 4 commits into from Feb 18, 2017

Conversation

Projects
None yet
2 participants
@erikng
Copy link
Contributor

erikng commented Feb 18, 2017

This PR adds -s option to sign both the DEP package script and the normal script.

./make_munki_mpkg.sh -s "Developer ID Installer: Munki (U8PN57A5N2)"
./make_munki_mpkg_DEP.sh -s "Developer ID Installer: Munki (U8PN57A5N2)"

I have tested without the option and with the option for both scripts. This should not be a breaking change to anyone's configuration.

erikng added some commits Feb 18, 2017

add -s option to DEP package script
Signed-off-by: Erik Gomez <e@eriknicolasgomez.com>
add -s option to package script
Signed-off-by: Erik Gomez <e@eriknicolasgomez.com>
-i id Set the base package bundle ID
-r root Set the munki source root
-o dir Set the output directory
-c package Include a configuration package (NOT CURRENTLY IMPLEMENTED)
-s cert Sign distribution package with signing certificate from keychain

This comment has been minimized.

@gregneagle

gregneagle Feb 18, 2017

Contributor

Might want to better describe the needed input string; this is going to confuse people

This comment has been minimized.

@erikng

erikng Feb 18, 2017

Contributor

How about now?

This comment has been minimized.

@gregneagle

gregneagle Feb 18, 2017

Contributor

Still not sure about that. 'cert' and 'signing certificate from keychain' still seem ambiguous. What is required here is the common name/CN of the 'signing certificate from keychain', no?

This comment has been minimized.

@erikng

erikng Feb 18, 2017

Contributor

Correct.

How about this:
-s CN Sign distribution package with an installer certificate from keychain. Requires Common Name

This comment has been minimized.

@gregneagle

gregneagle Feb 18, 2017

Contributor

or -s cert_cn Sign distribution package with a Developer ID Installer certificate from keychain. Provide the certificate's Common Name

erikng added some commits Feb 18, 2017

Add example for -s option
Signed-off-by: Erik Gomez <e@eriknicolasgomez.com>
further clarification of -s option
Signed-off-by: Erik Gomez <e@eriknicolasgomez.com>
@gregneagle

This comment has been minimized.

Copy link
Contributor

gregneagle commented on code/tools/make_munki_mpkg.sh in 8d8bd51 Feb 18, 2017

This is clear and the example helps. I know from past experience people are terribly confused about this sort of this and so it is vital to be very, very clear.

@gregneagle gregneagle merged commit 66e5005 into munki:master Feb 18, 2017

@erikng

This comment has been minimized.

Copy link
Contributor

erikng commented Feb 18, 2017

Thanks for merging. This will be extremely helpful for people who want to deploy a standard munki install through DEP (and of course for everyone else as well).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment