Re: [munki-discuss] Abridged summary of munki-discuss@googlegroups.com - 2 updates in 1 topic

6 views
Skip to first unread message

Rick Davis

unread,
Oct 9, 2024, 8:12:58 AMOct 9
to munki-...@googlegroups.com
Maybe I'm showing my ignorance, but, what are the pros/cons or reasons to use or not use the signed and notarized installer?

Rick

On Wed, Oct 9, 2024 at 8:01 AM <munki-...@googlegroups.com> wrote:
You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page.
To unsubscribe from this group and stop receiving emails from it send an email to munki-discus...@googlegroups.com.


--

Gregory Neagle

unread,
Oct 9, 2024, 2:37:03 PMOct 9
to 'Gregory Neagle' via munki-discuss
The signed build not only has a signed and notarized _package_, but the binaries it installs are also signed and notarized.

A signed and notarized package can be installed by double-clicking without having to jump through any additional hoops, making it a better choice for scenarios where a manual install is needed/required.

But more importantly, a signed /usr/local/munki/managedsoftwareupdate binary makes it possible to use MDM configuration profiles to grant managedsoftwareupdate TCC permissions.


An alternative is to build the tools and package yourself and sign them with your own (or oyour organization’s) Developer ID.

-Greg

--
You received this message because you are subscribed to the Google Groups "munki-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to munki-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/munki-discuss/CAHmW1m%2BN7jNW-jFTNmc0qAqCdcYTG05mrSCkSZGengsJEx-8eg%40mail.gmail.com.

Reply all
Reply to author
Forward
0 new messages