I’m in the process of upgrading osquery from 3.3.0 to 4.9.0. I have the 4.9.0 code building fine and packaging for 

MacOS

 creating a pkg fine also.  I notice the packaging mechanism has changed since 3.3.0. One thing that I can’t find how to do with 4.9.0 packaging on 

MacOS

 is to ensure a restart of 

osqueryd

 at the end of the install.  With the 3.3.0 code base, there was a flag passed to the now-superseded packaging script. Any tips on how the same type of postinstall unload/load of the daemon can be achieved?

things are about to change again as we're around the corner from 5… the packaging.cmake file is no longer in master, but they were using a postinstall.sh on linux, you could do the same for Mac

Thanks for the suggestions. I’d like to avoid requiring a reboot. Where can I read about the packaging changes planned for v5?

good question, the signing is definitely changing and I believe a lot is moving into githubs actions/pipelines/CI/CD but I'm otherwise unclear about what or where the 'makefile' textual representation of that artifact of the release process is recorded/would be modifiable

Thanks. I’ll take a look there next.

Hey, you might want to have a look here for general guidance: https://osquery.readthedocs.io/en/latest/development/building/#building-packages For your specific problem, you would have to modify the osquery-packaging CMake files to add

CPACK_POSTFLIGHT_<COMP>_SCRIPT
Full path to a file that will be used as the postinstall script for the named <COMP> component's package, where <COMP> is the uppercased component name. No postinstall script is added if this variable is not defined for a given component.

(the tooling I use for Mac packaging makes my life so easy, relatively speaking 😅 I know we'd have to rip

make

out of the rest of the world's clammy dead hands, but)

Thank you @Stefano Bonicatti and @allister