Productsign

40 views
Skip to first unread message

Graham R Pugh

unread,
Jul 24, 2014, 1:32:57 PM7/24/14
to the-l...@googlegroups.com
Hi all,
I've seen this visited once before, but without resolution as far as I could tell. 

Do you know if luggage have a way to automatically sign packages using 'productsign'? 

The reason this would be useful is particularly in the 'make dmg' command, so that one didn't have to 'make pkg', then use productsign, then use some other tool to make the dmg.

Some functionality like:
make dmg --sign="[Common Name of certificate]"

and/or a line in the Makefile specifying the Common Name and the desire to sign it, would be excellent.

Cheers,
Graham

Vaughn Miller

unread,
Jul 24, 2014, 1:42:32 PM7/24/14
to the-l...@googlegroups.com
When using pkgbuild by specifying USE_PKGBUILD=1   I have been able to build signed packages by adding this line to the Makefile : 

PB_EXTRA_ARGS+= --sign "[Common Name of certificate]"

Vaughn Miller
Desktop Engineer
Lafayette College


--
You received this message because you are subscribed to the Google Groups "The Luggage" group.
To unsubscribe from this group and stop receiving emails from it, send an email to the-luggage...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Graham R Pugh

unread,
Jul 29, 2014, 2:13:16 PM7/29/14
to the-l...@googlegroups.com
Thanks Vaughn, that's perfect. I'd ended up writing a small script to do it, but this is much better.

Graham

Graham R Pugh

unread,
Jul 31, 2014, 3:56:37 PM7/31/14
to the-l...@googlegroups.com
Actually, it isn't working.

If I understand you rightly, I should put the following lines in my Makefile:

USE_PKGBUILD=1
PB_EXTRA_ARGS+= --sign "My Name"

And when I run 'make pkg', I should see "--sign "My Name"" in the pkgbuild flags.  I don't.  Any ideas why not?

Cheers, Graham

Vaughn Miller

unread,
Jul 31, 2014, 4:07:16 PM7/31/14
to the-l...@googlegroups.com
Just a guess, but the line : 
USE_PKGBUILD=1 

should before the line :

include /usr/local/share/luggage/luggage.make line.  

See here for some discussion/history of this : https://github.com/unixorn/luggage/pull/42

Vaughn

Graham R Pugh

unread,
Jul 31, 2014, 6:29:31 PM7/31/14
to the-l...@googlegroups.com
Hi Vaughn,

Thanks for your reply.  Unfortunately that's not it either.  
I've pasted my script and the output here: http://pastebin.com/7BHYZ8fQ

(FYI the idea of this script is to bundle together Munki tools with post-installation config scripts (which set the repo and use an altered version of munki-enroll to create a unique manifest for the machine that's joining.)

Cheers, Graham

Vaughn Miller

unread,
Jul 31, 2014, 6:45:41 PM7/31/14
to the-l...@googlegroups.com
Moving the PB_EXTRA_ARGS statement to after the include statement should fix it up for you,  The initial value for PB_EXTRA_ARGS will be set in luggage.make and then your added line will add the additional --sign argument.

Vaughn

Graham R Pugh

unread,
Jul 31, 2014, 7:01:27 PM7/31/14
to the-l...@googlegroups.com
Oh, awesome, that's it. And makes total sense of course. Many thanks!

Cheers, Graham
Reply all
Reply to author
Forward
0 new messages