#core

seph

01/20/2021, 3:09 AM
@alessandrogario Thinking about codesigning and notarization…
3:11 AM
osx pkg files are xar format. Sometimes tar will read them, else xar will.
3:12 AM
Much of what I know is encoded into https://github.com/kolide/launcher/blob/master/Makefile . That tool is kinda terrible (being make), but it’s easier to point at than the go code. Though I can find the go if we want to use that tooling
3:17 AM
My go code for this is a bit sprawling, but https://github.com/kolide/launcher/blob/master/pkg/packagekit/package_pkg.go is the core of the pkg generation. It runs:
1. pkgbuild to get a “flat package”
2. productbuild to get a “distribution package”
3. xcrun altool to submit it to notary (And the larger framework sets the notarization uuid as storage metadata which something else comes along to check later on)
3:17 AM
All the rest of that code is error handling and setup and whatnot
3:19 AM
If you want the gritty notarization code, it recently moved to a public repo. https://github.com/kolide/launcher/blob/master/pkg/packagekit/applenotarization/applenotarization.go The only real callout is that --output-format xml makes it way easier to parse