<@U6EFFT5FG> Thinking about codesignig and notariz...
# core
@alessandrogario Thinking about codesignig and notarization…
đź’Ż 1
osx pkg files are
format. Sometimes
will read them, else
Much of what I know is encoded into https://github.com/kolide/launcher/blob/master/Makefile that tool is kinda terrible (being make), but it’s easier to point at than the go code. Though I can find the go if we want to use that tooling
My go code for this is a bit sprawling, but https://github.com/kolide/launcher/blob/master/pkg/packagekit/package_pkg.go is the core of the pkg generation. It runs: 1.
to get a “flat package” 2.
to get a “distribution package” 3.
xcrun altool
to submit it to notary (And the larger framework sets the notarization uuid as storage metadata which something else comes along to check later on)
All the rest of that code is error handling and setup and whatnot
If you want the gritty notarization code, it recently moved to a public repo. https://github.com/kolide/launcher/blob/master/pkg/packagekit/applenotarization/applenotarization.go the only real callout is that
--output-format xml
makes it way easier to parse